[BZ 432811] EPEL key in RHEL
Stephen John Smoogen
smooge at gmail.com
Thu Sep 18 19:13:56 UTC 2008
On Thu, Sep 18, 2008 at 1:10 PM, Mike McLean <mikem at redhat.com> wrote:
> Stephen John Smoogen wrote:
>> I do agree we need to start from somewhere. I think we should start
>> from the redhat key since that is one that is locked on lots of cdrom
>> media etc for people to trust against. After that, we should have the
>> EPEL key signed by that one and then the resulting fingerprints
>> published in appropriate places.
> o boy. That sounds like a tall order. We'll have to ask pm and legal about
> that one.
> At any rate, I don't think the signing you suggest will make installing
> epel-release any easier for anyone.
In the end its not about making the install easier. Its more about
trust of that installation. If the Fedora Keys are signed by the Red
Hat master GPG key... should EPEL be also signed if it is being used
for various Red Hat projects (spacewalk-0.3, cobbler, etc).
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
More information about the epel-devel-list