Project

General

Profile

Bug #11276

Changing GPG key on a library repository can break content views that contain that repository

Added by Eric Helms almost 5 years ago. Updated 9 months ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Difficulty:
hard
Triaged:
Yes
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Since all repositories and their clones are represented by the same content ID in Candlepin, if a user changes the GPG key on the library version of a repository, any content views that contain that repository may be broken. In other words, if the user changes the GPG key because say it expired, and then attempts a package install from a content view in production that was signed by the old key those packages own't be installable without turning off GPG key validation.

History

#1 Updated by Eric Helms over 4 years ago

  • Legacy Backlogs Release (now unused) set to 86

#2 Updated by Eric Helms about 4 years ago

  • Legacy Backlogs Release (now unused) changed from 86 to 143

#3 Updated by Justin Sherrill almost 4 years ago

  • Category set to 78
  • Legacy Backlogs Release (now unused) changed from 143 to 114
  • Difficulty set to hard

#4 Updated by John Mitsch 9 months ago

  • Target version deleted (Katello Backlog)
  • Status changed from New to Rejected

Thanks for reporting this issue. This issue was created over 4 years ago and hasn't seen an update in 1 year. We are closing this in an effort to keep a realistic backlog. Please open up a new issue that includes a link to this issue if you feel this still needs to be addressed. We can then triage the new issue and reassess.

Also available in: Atom PDF