pmatilai
commented
4 days ago Right, we could have a keystore "rebuild" mode akin to how rpmdb backend can be changed by rebuilding it.
I was pretty much thinking of just letting users reimport the keys though - a distro user will only see 4.x -> 6.x and the associated keystore change when upgrading their distro, and at least in Fedora each version has their own key so lots of unused cruft accumulates over time. My home server has keys from eight different Fedora versions imported.
Pratically we only really support gpg-pubkey packages as storage for pgp keys. If we support more backends in earnest we need a way to move keys from one storage backend to another to prevent users needing to re-import the keys.
This should probably be done completely automatically to make transition from one default to another easy and seamless. Alternatively would could offer a way to export the keys to a script(let) could export them, switch the default and then re- import the keys. While adding support to export keys may seem useful (although may not really needed if stored on disk anyway) doing the transition within rpm itself if probably less hassle and saver.