<p>Yes this is actively used by the Yocto Project.  It allows us to have a single location in the system that contains all of the software keys, and can be updated dynamically by authorized systems/components.  Having to load keys (manually) into the rpm database, makes it very difficult to support devices that can't be serviced and have no console.  Instead we can remove old keys and install new keys [passing appropriate selinux/ima/etc security methods] by updating files.</p>
<p>It also allows developers to open up devices for user control by installing secondary keys for user-packages to 'unlock' an otherwise locked device.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/rpm-software-management/rpm/pull/857?email_source=notifications&email_token=ADLPZU3LWKDFMKY7RK6B6U3QLTWCNA5CNFSM4IZ6BV6KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD7WLCJI#issuecomment-535605541">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/ADLPZUYXTC52TOD5CWGHR4LQLTWCNANCNFSM4IZ6BV6A">mute the thread</a>.<img src="https://github.com/notifications/beacon/ADLPZU56NTCRR3RHZI6MC5DQLTWCNA5CNFSM4IZ6BV6KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD7WLCJI.gif" height="1" width="1" alt="" /></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/rpm-software-management/rpm/pull/857?email_source=notifications\u0026email_token=ADLPZU3LWKDFMKY7RK6B6U3QLTWCNA5CNFSM4IZ6BV6KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD7WLCJI#issuecomment-535605541",
"url": "https://github.com/rpm-software-management/rpm/pull/857?email_source=notifications\u0026email_token=ADLPZU3LWKDFMKY7RK6B6U3QLTWCNA5CNFSM4IZ6BV6KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD7WLCJI#issuecomment-535605541",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>