#808: pygpgme is signed with old key -----------------------+---------------------------------------------------- Reporter: anonymous | Owner: rel-eng@lists.fedoraproject.org Type: task | Status: new Milestone: | Component: other Keywords: | -----------------------+---------------------------------------------------- The only version of pygpgme that yum can download is signed with the old potentially compromised key. I have installed the new fedora-release package and removed the old key. But when trying to run "yum update" it suggests to install the old key again because pygpgme is signed with it. (There are other packages with the same symptom, but those I could find in the DVD image I installed from, pygpgme was not there).
#808: pygpgme is signed with old key ------------------------+--------------------------------------------------- Reporter: anonymous | Owner: rel-eng@lists.fedoraproject.org Type: task | Status: closed Milestone: | Component: other Resolution: invalid | Keywords: ------------------------+--------------------------------------------------- Changes (by jkeating):
* status: new => closed * resolution: => invalid
Comment:
The release content (not the updates) is still signed with the old key. We're working to replace that, but we're not ready yet. In the interest of getting critical updates to our users, we went ahead with having updates pushed out with the new key before we could replace all the existing content. Please be patient. We still do not have any evidence that would point to our old key being used by anybody other than Fedora.
rel-eng@lists.fedoraproject.org