Bug 110708 - No GPG signatures
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: up2date
Version: 1
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Bret McMillan
QA Contact: Fanny Augustin
Blocks: 124619
Reported: 2003-11-23 16:11 EST by Gabriel Schulhof
Modified: 2007-11-30 17:10 EST
Doc Type: Bug Fix
Last Closed: 2006-10-28 15:21:25 EDT
Description Gabriel Schulhof 2003-11-23 16:11:37 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1)
Gecko/20030225

Description of problem:
I'm subscribed to the following channels:

fedora-core-1
updates-released
updates-testing

When I run up2date against these channels, very often the packages I
download do not have GPG signatures. This is annoying, because I have
to click "Yes" for every package I download.  That is, "Yes", I want
to proceed installing it.

Version-Release number of selected component (if applicable):
up2date-4.1.16-1

How reproducible:
Always

Steps to Reproduce:
1. Subscribe to the channels listed above
2. Run up2date
3. Watch it ask you about missing GPG signatures for just about every
package.
    

Actual Results:  rpm packages thus downloaded and installed do not
have GPG signatures

Expected Results:  All rpm packages provided by RedHat are signed by
RedHat.

Additional info:
Comment 1 Chris Kuivenhoven 2004-09-04 16:21:31 EDT
This seems to still be the case under Fedora Core 3 test 1 "rawhide".
Performing incremental upgrades on a daily basis with up2date gui
within gnome, this is the case with every single update.

Granted, in this case these are development packages, but the behavior
of up2date is such that you have to wait around during package
download and click yes to every single package to accept it without
the signature. I would propose a "better" behavior to be allowing the
yes/no dialog to include a "use this action on all unsigned packages"
option so that we could at least skip all of the other dialogs, thus
eliminating this very time consuming and tedious step.

-Chris Kuivenhoven
Comment 2 Matthew Miller 2006-07-11 13:23:34 EDT
Fedora Core 1 is maintained by the Fedora Legacy project for security updates
only. If this problem is a security issue, please reopen and reassign to the
Fedora Legacy product. If it is not a security issue and hasn't been resolved in
the current FC5 updates or in the FC6 test release, reopen and change the
version to match.

Thanks!

NOTE: Fedora Core 1 is reaching the final end of support even by the Legacy
project. After Fedora Core 6 Test 2 is released (currently scheduled for July
26th), there will be no more security updates for FC1. Please use these next two
weeks to upgrade any remaining FC1 systems to a current release.

Comment 3 John Thacker 2006-10-28 15:21:25 EDT
Closing per lack of response.  Note that FC1 and FC2 are no longer
supported even by Fedora Legacy.  Please install a still supported
version and retest.  If this still occurs on FC3 or FC4 and is a
security issue, please assign to that version and Fedora Legacy.

Note that up2date is not present in FC5 or FC6, the only current non-Legacy
Fedora Core releases.  However, related bugs may occur in yum, pirut, or other
updating mechanisms.
