Dmitry Butskoy wrote:
> Pat Riehecky wrote:
>>
>> We are just running rpm --addsign

New updates form "fastbugs" still have this issue.

Does anybody working on it or at least planning to work? How can I help?

"rpm -K" is something about "security", and any inaccuracy in it looks 
too strange...

Note again, that I cannot reproduce such "rpm --addsign" behaviour under 
the latest SL-6.2 with all updates installed.
>
> I've performed some tests, playing with my own gpg-key, and I cannot 
> reproduce your behaviour. :(
>
> (All tests are under the currrent SL-6.2 x86_64 system).
>
> Each time I do "rpm --addsign", the old sign is always removed (for 
> TUV-signed only, broken twice-signed or not signed at all packages). 
> Then, "rpm -K" shows "OK", with only my new gpg (just signed) key.
>
> Could you please perform the similar tests somewhere? I wonder how you 
> produce such a signed file(s) in your environment. Such results IMO 
> should never happen. 

Regards,
Dmitry Butskoy