Missing signed package rpm - no pgp key found

stephane · June 7, 2019, 4:43pm

i have this message error for upgrade

“Total 30 MB/s | 130 MB 00:04
Le paquet lib64bz2_1-1.0.6-32-omv4000.x86_64.rpm n’est pas signé
Les paquets téléchargés ont été mis en cache jusqu’à la prochaine transaction réussie.
Vous pouvez supprimer les paquets en cache en exécutant « dnf clean packages ».
Erreur : La vérification GPG a ÉCHOUÉ”

rugyada · June 7, 2019, 4:52pm

$ sudo dnf --refresh --nogpgcheck upgrade

stephane · June 7, 2019, 10:01pm

so we can trust any package in this case ?
or you know who has forget to reconduct his pgp keys ?

or why you don’t have rebuilds with your pgp keys ?

ben79 · June 7, 2019, 11:38pm

The problem is caused by a error in signing packages in our ABF. The issue is known and is being worked on and should be corrected soon.

Whether or not to trust unsigned packages is up to each user. There is certainly no harm in waiting to upgrade ones system until this issue is corrected.

I do trust them myself and I do use the --nogpgcheck option when this come up.