[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [BZ 432811] EPEL key in RHEL



On Thu, Sep 18, 2008 at 1:10 PM, Mike McLean <mikem redhat com> wrote:
> Stephen John Smoogen wrote:
>>
>> I do agree we need to start from somewhere. I think we should start
>> from the redhat key since that is one that is locked on lots of cdrom
>> media etc for people to trust against. After that, we should have the
>> EPEL key signed by that one and then the resulting fingerprints
>> published in appropriate places.
>
> o boy. That sounds like a tall order. We'll have to ask pm and legal about
> that one.
>
> At any rate, I don't think the signing you suggest will make installing
> epel-release any easier for anyone.
>

In the end its not about making the install easier. Its more about
trust of that installation. If the Fedora Keys are signed by the Red
Hat master GPG key... should EPEL be also signed if it is being used
for various Red Hat projects (spacewalk-0.3, cobbler, etc).


-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]