[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [BZ 432811] EPEL key in RHEL

From: "Michael Stahnke" <mastahnke gmail com>
To: "EPEL development disccusion" <epel-devel-list redhat com>
Subject: Re: [BZ 432811] EPEL key in RHEL
Date: Thu, 18 Sep 2008 12:38:04 -0500

On Thu, Sep 18, 2008 at 12:24 PM, David Juran <djuran redhat com> wrote:
> Hello.
>
> I see a debate is starting to arise on the benefits of including the EPEL key in RHEL. The problem I originally wanted to solve when I proposed this, was to avoid the chicken-egg problem with how to trust the epel-release package that contains the EPEL key if you don't already have the key. But yes, there is the problem of keeping the keys in sync.
>  In my opinion it doesn't make much sense to sign a package with a key that is contained in that very package. So what other approaches are there? Would it be possible to have epel-release signed by the RHEL key? Would EPEL want to? Would Red Hat do it if asked nicely?
>
> /David
>
David, that is an excellent point.  I will follow up with that next
week.  (Travelling this week).

stahnma
>
>
> _______________________________________________
> epel-devel-list mailing list
> epel-devel-list redhat com
> https://www.redhat.com/mailman/listinfo/epel-devel-list
>

References:
- [BZ 432811] EPEL key in RHEL
  - From: David Juran

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]