[Yum-devel] pygpgme and yum

[seth vidal]

Hi folks,
 I've been mucking with detached signature verification for handling
repomd.xml verifies using gpg sigs. I've got a very simple test working
and it's a place to start from. All this is good. Now, I'm looking at
what will be necessary to make this all work inside yum. The items we'll
need to implement is:

1. gpg keyring outside of the rpmdb for verifying the repomd.xml
   - we could do either:
      1. make  gpg keyring on the fly from the pubkey entries in the
rpmdb and 
         save it
      2. when we import the gpg keys to begin with we also import them
into this 
         gpg keyring

2. obviously the verification routine

The only recently maintained gpg module is gpgme. So I've been playing
with that. It's not the most trivial interface but I'm working my way
through it. What I'm curious about is if anyone has any experience with
other python interfaces to gpg and/or suggestions on another way to
approach this.

Thanks,
-sv