Bug 462234 - pygpgme is signed with old key
pygpgme is signed with old key
Product: Fedora
Classification: Fedora
Component: pygpgme (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Toshio Ernie Kuratomi
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-09-14 13:09 EDT by Kasper Dupont
Modified: 2008-09-15 00:30 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-09-15 00:30:40 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Kasper Dupont 2008-09-14 13:09:52 EDT
Description of problem:
The only version of pygpgme that yum can download is signed with the old potentially compromised key.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Update fedora-release
2. rpm -e gpg-pubkey-4f2a6fd2-3f9d9d3b
3. yum update
Actual results:
yum finds that some packages are signed with the old key and asks if I want to install it again.

Expected results:
yum would be able to find a version signed with the new key.

Additional info:
There were a few other packages with the same symptoms, but all the others existed in the DVD image I downloaded long before the compromise. pygpgme is the only package that yum depends on, which could not be found from any secure source.
Comment 1 Toshio Ernie Kuratomi 2008-09-15 00:30:40 EDT
This sounds like a problem that rel-eng might need to fix or it might be that rel-eng has only resigned the updates repo so far, not the packages in the Everything repo.  You can ask on fedora-devel-list or open a ticket in their issue tracker:


This is not a bug in the individual package and shouldn't be fixed by action here, though.

Note You need to log in before you can comment on or make changes to this bug.