On 10/31/2017 03:52 AM, Miroslav Suchý wrote:
And I wonder: is it a good idea to keep old gpg keys in RPM db? Or
should we automate the removal of old keys?
I'd be all for cleaning up old keys.
However, I would be cautious to not delete keys that are still in use. Example: User
has Fedora 29 installed and has a package from Fedora 21 still installed as it was
retired, but it has no dependencies that would cause it to fail.