[Rpm-maint] [rpm-software-management/rpm] GPG key interpreted as PGP key (Issue #2410)
Ricky-Tigg
notifications at github.com
Tue Mar 7 14:43:42 UTC 2023
Along with that unconventional issue, the user is probably left with an unknown: _How to determine how or by who the Red Hat GPG/DSA key was imported?_ Could it be me that imported a such package?
```
$ rpm -qa --scripts gpg-pubkey* --qf '%{version}-%{release} %{packager}\n'
5323552a-6112bcdc Fedora (37) <fedora-37-primary at fedoraproject.org>
ba3c3a2c-5eb88cc6 https://packagecloud.io/shiftkey/desktop (https://packagecloud.io/docs#gpg_signing) <support at packagecloud.io>
```
I understand that so-called _fake_ package is created in order to satisfy a non-critical dependency. Then it would be expected to have as output here a package it is required by. However it is not so. That's confusing.
```
$ rpm -q --whatrequires gpg-pubkey-5323552a-6112bcdc
no package requires gpg-pubkey-5323552a-6112bcdc
```
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2410#issuecomment-1458295913
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/2410/1458295913 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20230307/7a6a9136/attachment-0001.html>
More information about the Rpm-maint
mailing list