Changing GPG key on a library repository can break content views that contain that repository
Since all repositories and their clones are represented by the same content ID in Candlepin, if a user changes the GPG key on the library version of a repository, any content views that contain that repository may be broken. In other words, if the user changes the GPG key because say it expired, and then attempts a package install from a content view in production that was signed by the old key those packages own't be installable without turning off GPG key validation.
#4 Updated by John Mitsch 9 months ago
- Target version deleted (
- Status changed from New to Rejected
Thanks for reporting this issue. This issue was created over 4 years ago and hasn't seen an update in 1 year. We are closing this in an effort to keep a realistic backlog. Please open up a new issue that includes a link to this issue if you feel this still needs to be addressed. We can then triage the new issue and reassess.