On 2020-04-21 21:28, Ed Greshko wrote:
On 2020-04-22 11:49, ToddAndMargo via test wrote:
On 2020-04-21 19:32, Ed Greshko wrote:


On Wed, Apr 22, 2020, 09:41 ToddAndMargo via test <test@lists.fedoraproject.org> wrote:

     On 2020-04-21 18:36, Ed Greshko wrote:
      > On 2020-04-22 08:21, ToddAndMargo via test wrote:
      >> Now the 64,000 dollar question is, is this a bug
      >> or normal operation?
      >
      > It is an issue for the Brave distribution to address.  Not related to Fedora.
      >

     So, rpm was not supposed to overwrite the key?
     Sounds a lot like an rpm bug to me.


You will recall that the public key is installed as a separate act.

Not to beat a dead horse, but was that act performed by
"rpm" (a Fedora package) supposed to have overwritten
the previous key or just existed without an error
message?

No.  Software packaged in the RPM format isn't by definition "Fedora".  Red Hat
did write the RPM standard but it is used by lots of folks to package their software.
This includes Suse, RPMFusion, and Brave.  It is up to the person creating the
specific package to determine the actions taken during install, upgrade, erasure.

The public keys are used to check the signatures of the rpm packagers.  They 
are normally controlled by a separate function.

In the case of Fedora itself you have fedora-gpg-keys-31-3.noarch.

Name         : fedora-gpg-keys
Version      : 31
Release      : 3
Architecture : noarch
Size         : 101 k
Source       : fedora-repos-31-3.src.rpm
Repository   : @System
 From repo    : updates
Summary      : Fedora RPM keys
URL          : https://fedoraproject.org/
License      : MIT
Description  : This package provides the RPM signature keys.

In the case of RPMFusion, there are multiple.  One is rpmfusion-free-release.

Name         : rpmfusion-free-release
Version      : 31
Release      : 1
Architecture : noarch
Size         : 8.7 k
Source       : rpmfusion-free-release-31-1.src.rpm
Repository   : @System
 From repo    : rpmfusion-free
Summary      : RPM Fusion (free) Repository Configuration
URL          : http://rpmfusion.org
License      : BSD
Description  : RPM Fusion free package repository files for yum and dnf
              : along with gpg public keys

It doesn't appear that Brave does the same.

It also isn't necessary, and seldom are old keys removed as they are unique.  I
should have told you that it was not necessary to erase the old Brave key as the
old and the new had totally different names.

So, running

sudo rpm --import https://brave-browser-rpm-release.s3.brave.com/brave-core.asc

Would have added gpg-pubkey-c2d4e821-5e7252b8 in addition to the older one
c2d4e821-5d13a788



Both the act of installing the key as well as the brave-browser are not 
supplied or supported by the Fedora Community.

This is why my question is about the behavior of rpm not Brave

The behavior of "rpm" is defined by the person/project.  The Brave project, 
IMO, is deficient in this area.




Got it.  Thank you!
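
Added example (not part of the original thread, and not rpm or Brave code): a short Python script that reads `rpm -q gpg-pubkey` output and shows how the two Brave entries named above coexist under one short key ID with different release fields. The sample input is constructed from the names in the thread; treating the release field as a hex-encoded Unix timestamp is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample of `rpm -q gpg-pubkey` output after importing the newer
# Brave key without erasing the older one (both names come from the thread).
SAMPLE = """\
gpg-pubkey-c2d4e821-5d13a788
gpg-pubkey-c2d4e821-5e7252b8
"""

# rpm stores each imported key as a pseudo-package: gpg-pubkey-VERSION-RELEASE
NAME_RE = re.compile(r"^gpg-pubkey-([0-9a-f]{8})-([0-9a-f]{8})$")


def parse_pubkeys(text):
    """Return {short key ID: [(release, UTC datetime), ...]}, oldest first."""
    keys = defaultdict(list)
    for token in text.split():
        m = NAME_RE.match(token)
        if not m:
            continue  # e.g. "package gpg-pubkey is not installed"
        keyid, release = m.groups()
        # Assumption: the release field is a hex-encoded Unix timestamp.
        stamp = datetime.fromtimestamp(int(release, 16), tz=timezone.utc)
        keys[keyid].append((release, stamp))
    for entries in keys.values():
        entries.sort(key=lambda e: e[1])
    return dict(keys)


def older_entries(keys):
    """Entries that remain installed beside a newer one with the same key ID."""
    return [f"gpg-pubkey-{kid}-{rel}"
            for kid, entries in keys.items()
            for rel, _ in entries[:-1]]


if __name__ == "__main__":
    parsed = parse_pubkeys(SAMPLE)
    for kid, entries in parsed.items():
        for rel, stamp in entries:
            print(f"gpg-pubkey-{kid}-{rel}  {stamp:%Y-%m-%d}")
    print("older entries still installed:", older_entries(parsed))
```

On a real system the same functions can be fed the output of `rpm -q gpg-pubkey` in place of the constructed sample.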