Learn more about these different git repos.
Other Git URLs
The only version of pygpgme that yum can download is signed with the old potentially compromised key. I have installed the new fedora-release package and removed the old key. But when trying to run "yum update" it suggests to install the old key again because pygpgme is signed with it. (There are other packages with the same symptom, but those I could find in the DVD image I installed from, pygpgme was not there).
The release content (not the updates) is still signed with the old key. We're working to replace that, but we're not ready yet. In the interest of getting critical updates to our users, we went ahead with having updates pushed out with the new key before we could replace all the existing content. Please be patient. We still do not have any evidence that would point to our old key being used by anybody other than Fedora.
Login to comment on this ticket.