On Thu, 2008-09-18 at 13:01 -0600, Stephen John Smoogen wrote:
> On Thu, Sep 18, 2008 at 12:54 PM, Mike McLean <mikem redhat com> wrote:
> >
> > This problem is hardly unique to EPEL. Any third-party repo is going to have
> > such problems. It is not that difficult for an admin to install
> > epel-release. I've done it myself and found it trivial.

But EPEL is not just "any" 3:rd party repo. EPEL is brought to you by Fedora and Fedora has very close ties to Red Hat. So IMHO, it's a bad thing to take advantage of those.

> > Heck, the redhat-release packages provide keys that they themselves are
> > signed with. I don't think this is a problem; you have to start somewhere.
> >
>
> I do agree we need to start from somewhere. I think we should start
> from the redhat key since that is one that is locked on lots of cdrom
> media etc for people to trust against. After that, we should have the
> EPEL key signed by that one and then the resulting fingerprints
> published in appropriate places.

+1
Chances are that someone who wants to install epel-release already is trusting the RHEL key.

--
David Juran
Sr. Consultant
Red Hat
+358-504-146348