Michael Schroeder

It needs to get a new release when the key us updated, otherwise the rpm --import will just do nothing.

OTOH rpm only looks at the keyid to check if the key is already present since some time...

...since the keyring changes done in 2008. I'm so out of touch with rpm...

Yes. The old code was very stupid in that regard, it just took the time from the first signature. It didn't even check if the signature really was a self-signature....

I know that. It does not need to be 100% correct (it obviously can't). The use case is to have a different release when the expire time of a key...

And you should certainly not ask a keyserver for keys you want to import into the rpm database.

I don't get that. Currently rpm will not import anything at all if the keyid is already known. I'm not even talking about what rpm --import does (it should probably...

You can't trust keys.openpgp.org to only return key material for the query, so you need to check the returned data to make sure it doesn't contain an extra pubkey. It...

The code in doDefine() supports multiline macros, it's that nasty rdcl() function that is to blame here.

I think the original intend was to make the macro definitions look like bash function definitions.