Description of problem:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Context: Upgrade FC6 --> F7
2.yum update tkcvs (or graphical interface)
> Package tkcvs-8.0.4-2.fc7.noarch.rpm is not signed
> yum --nogpgcheck update tkcvs
This is a known problem. It will take some time for the packages to be signed
and make through the mirrors again.
Reopening this bug since it's still not fixed.
Since this bug blocks yum from updating a system, with far-reaching
consequences for system security, I believe it can not wait for the next release
(Fedora 8?!?!?) Adjusting priority and severity accordingly.
*** Bug 242347 has been marked as a duplicate of this bug. ***
However, I don't think this is the right component for the problem.
The only thing I can do is to rebuild the packages.
Jesse, an rpm that got pushed without being signed, is that you area?
A signed copy is now on the mirrors.
No, it's not )-:
And the Koji web interface is down.
Hmmm, maybe this issue ought to be transferred to component 'distribution'...
Erm, Can you show me where on the master mirror this package is unsigned? Are
you sure you don't have an out of date mirror?
hmmm, not too sure. How can I know which mirror was used when the update was run?
Here is my yum conf (standard I think):
name=Fedora $releasever - $basearch
name=Fedora $releasever - $basearch - Updates
do a yum clean metadata; uncomment the baseurl in both fedora and updates,
comment out the mirrorlist, then do your update. That should force it to pull
from the master mirrors.
Ahhh I see, I was looking for an updated package in the updates directory, not a
fixed package in the "base" directory. Are mirrors really synching the base
directory since it's presumably supposed to be immutable? E.g.
Anyway, this problem with tkcvs is fixed, thanks for the help (-:
I announced to our mirrors that I was updating the content. Maybe some of them
didn't get the memo :/