You mean verification of metadata signatures? Is that what you want to change?
For this it would make more sense if rpm offers an API so that it can do the
verification. Currently upper layers have to export the keys from the rpmdb,
import them into gpg (if they use gpg for this) and then use gpg for
verification.
But we're hijacking this issue about signify by discussing something completely
different. Could you please open another issue?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1193#issuecomment-617742461
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
