 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Mon, 27 Feb 2012 20:39:11 +0400 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Pat Riehecky wrote:
> On 02/27/2012 09:01 AM, Dmitry Butskoy wrote:
>>>
>>> Can I have you check again with rpmdev-checksig? The zlib rpm you
>>> listed below is signed by TUV and by SL, perhaps it is only checking
>>> the
>>> one key.
>>
>> Could you please explain how you sign these packages?
>>
> We are just running rpm --addsign
I've performed some tests, playing with my own gpg-key, and I cannot
reproduce your behaviour. :(
(All tests are under the currrent SL-6.2 x86_64 system).
Each time I do "rpm --addsign", the old sign is always removed (for
TUV-signed only, broken twice-signed or not signed at all packages).
Then, "rpm -K" shows "OK", with only my new gpg (just signed) key.
Could you please perform the similar tests somewhere? I wonder how you
produce such a signed file(s) in your environment. Such results IMO
should never happen.
Regards,
Dmitry Butskoy
|
|
|
