[BZ 432811] EPEL key in RHEL

Michael Stahnke mastahnke at gmail.com
Thu Sep 18 17:38:04 UTC 2008

On Thu, Sep 18, 2008 at 12:24 PM, David Juran <djuran at redhat.com> wrote:
> Hello.
> I see a debate is starting to arise on the benefits of including the EPEL key in RHEL. The problem I originally wanted to solve when I proposed this, was to avoid the chicken-egg problem with how to trust the epel-release package that contains the EPEL key if you don't already have the key. But yes, there is the problem of keeping the keys in sync.
>  In my opinion it doesn't make much sense to sign a package with a key that is contained in that very package. So what other approaches are there? Would it be possible to have epel-release signed by the RHEL key? Would EPEL want to? Would Red Hat do it if asked nicely?
> /David
David, that is an excellent point.  I will follow up with that next
week.  (Travelling this week).

> _______________________________________________
> epel-devel-list mailing list
> epel-devel-list at redhat.com
> https://www.redhat.com/mailman/listinfo/epel-devel-list

More information about the epel-devel-list mailing list