[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [BZ 432811] EPEL key in RHEL



On Thu, 2008-09-18 at 13:01 -0600, Stephen John Smoogen wrote:
> On Thu, Sep 18, 2008 at 12:54 PM, Mike McLean <mikem redhat com> wrote:

> >
> > This problem is hardly unique to EPEL. Any third-party repo is going to have
> > such problems. It is not that difficult for an admin to install
> > epel-release. I've done it myself and found it trivial.

But EPEL is not just "any" 3:rd party repo. EPEL is brought to you by
Fedora and Fedora has very close ties to Red Hat. So IMHO, it's a bad
thing to take advantage of those.

> > Heck, the redhat-release packages provide keys that they themselves are
> > signed with. I don't think this is a problem; you have to start somewhere.
> >
> 
> I do agree we need to start from somewhere. I think we should start
> from the redhat key since that is one that is locked on lots of cdrom
> media etc for people to trust against. After that, we should have the
> EPEL key signed by that one and then the resulting fingerprints
> published in appropriate places.

+1
Chances are that someone who wants to install epel-release already is
trusting the RHEL key. 

-- 
David Juran
Sr. Consultant
Red Hat
+358-504-146348

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]