[BZ 432811] EPEL key in RHEL
David Juran
djuran at redhat.com
Fri Sep 19 07:31:25 UTC 2008
On Thu, 2008-09-18 at 13:01 -0600, Stephen John Smoogen wrote:
> On Thu, Sep 18, 2008 at 12:54 PM, Mike McLean <mikem at redhat.com> wrote:
> >
> > This problem is hardly unique to EPEL. Any third-party repo is going to have
> > such problems. It is not that difficult for an admin to install
> > epel-release. I've done it myself and found it trivial.
But EPEL is not just "any" 3rd party repo. EPEL is brought to you by
Fedora and Fedora has very close ties to Red Hat. So IMHO, it's a bad
thing to take advantage of those.
> > Heck, the redhat-release packages provide keys that they themselves are
> > signed with. I don't think this is a problem; you have to start somewhere.
> >
>
> I do agree we need to start from somewhere. I think we should start
> from the redhat key since that is one that is locked on lots of cdrom
> media etc for people to trust against. After that, we should have the
> EPEL key signed by that one and then the resulting fingerprints
> published in appropriate places.
+1
Chances are that someone who wants to install epel-release already is
trusting the RHEL key.
--
David Juran
Sr. Consultant
Red Hat
+358-504-146348