EPEL meeting summary/minutes - 2009-07-17

Stephen John Smoogen smooge at gmail.com
Sun Jul 19 23:45:34 UTC 2009


On Sat, Jul 18, 2009 at 2:12 PM, Michael Stahnke<mastahnke at gmail.com> wrote:
>> FWIW, RPM Fusion has this in it's FAQ for Fedora:
>>
>> """
>> How can I list all installed RPM Fusion Packages
>>
>> Use a command like this on Fedora:
>>
>> rpm -qa --qf '%{NAME} %{SIGGPG:pgpsig} %{SIGPGP:pgpsig} \n' | grep -e
>> 855099b249c8885a -e 206f8182b1981b68 -e ad2708448fcff4da -e
>> 4d2a1bdc8dc43844 | awk ' { print $1 } ' | sort
>> """
>>
> I do like the simplicity of this command.  I will probably replicate it.
>

I don't thin thats something very simple you can type into IRC when
someone says "EPEL broke my XYZ system." Most of the people who come
on aren't Unix/Linux administrators.. they are windows people who have
to administer some Linux box.

Normally I have to get something like rpm -q foobaz and then find out
that they have a package that looks like its from EPEL but not very
easily. Then I go and dig deeper and one of the sub-dependencies is a
.rf packge (or vice versa). Why did they do this? Because they googled
and found from X million Thought Exchange sites that you need to get
some perl thing they needed form rpmforge and some other package from
epel. They followed the directions on installing the repos and tada
now they are broke.

Yes the tag can be forged. Guess what.. someone could make an rpm of
epel-release that is GPG key signed if they wanted too and very few
are going to know the difference either. How many people really check
to see if the packages signature is really there, that the people who
have signed it are really trusted etc. Maybe 1 in 20 system admins at
most? Too many are just guys who are trying to get stuff done and are
getting it from someone who pointed them to get it at X. If they are
lucky they will go to Freenode's #rhel, but more likely they will be
in some other #undernet or where-ever Windows administrators get their
stuff from.

-- 
Stephen J Smoogen.

Ah, but a man's reach should exceed his grasp. Or what's a heaven for?
-- Robert Browning




More information about the epel-devel-list mailing list