Red Hat Bugzilla – Bug 462234
pygpgme is signed with old key
Last modified: 2008-09-15 00:30:40 EDT
Description of problem:
The only version of pygpgme that yum can download is signed with the old potentially compromised key.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Update fedora-release
2. rpm -e gpg-pubkey-4f2a6fd2-3f9d9d3b
3. yum update
yum finds that some packages are signed with the old key and asks if I want to install it again.
yum would be able to find a version signed with the new key.
There were a few other packages with the same symptoms, but all the others existed in the DVD image I downloaded long before the compromise. pygpgme is the only package that yum depends on, which could not be found from any secure source.
This sounds like a problem that rel-eng might need to fix or it might be that rel-eng has only resigned the updates repo so far, not the packages in the Everything repo. You can ask on fedora-devel-list or open a ticket in their issue tracker:
This is not a bug in the individual package and shouldn't be fixed by action here, though.