The RPM-GPG-KEY-redhat-legacy-release that was used to verify rpm signatures on RHEL 5 is bundled within the convert2rhel rpm and convert2rhel imports the GPG key during the conversion.

The reason why convert2rhel imports RHEL gpg keys is for rpm/yum to trust the RHEL rpms that are being installed during the conversion. Convert2rhel dropped support for converting to RHEL 5 long time ago hence there's no need to import the GPG key used to sign RHEL 5 packages.

Acceptance criteria

• the https://github.com/oamg/convert2rhel/blob/main/convert2rhel/data/version-independent/gpg-keys/RPM-GPG-KEY-redhat-legacy-release is removed from the repo and with that:
  • it's not shipped within the convert2rhel rpm
  • it's not imported during the conversion