[BZ 432811] EPEL key in RHEL
Michael Stahnke
mastahnke at gmail.com
Thu Sep 18 17:38:04 UTC 2008
On Thu, Sep 18, 2008 at 12:24 PM, David Juran <djuran at redhat.com> wrote:
> Hello.
>
> I see a debate is starting to arise on the benefits of including the EPEL key in RHEL. The problem I originally wanted to solve when I proposed this, was to avoid the chicken-egg problem with how to trust the epel-release package that contains the EPEL key if you don't already have the key. But yes, there is the problem of keeping the keys in sync.
> In my opinion it doesn't make much sense to sign a package with a key that is contained in that very package. So what other approaches are there? Would it be possible to have epel-release signed by the RHEL key? Would EPEL want to? Would Red Hat do it if asked nicely?
>
> /David
>
David, that is an excellent point. I will follow up with that next
week. (Travelling this week).
stahnma
>
>
> _______________________________________________
> epel-devel-list mailing list
> epel-devel-list at redhat.com
> https://www.redhat.com/mailman/listinfo/epel-devel-list
>
More information about the epel-devel-list
mailing list