On Thu, Sep 18, 2008 at 12:24 PM, David Juran <[EMAIL PROTECTED]> wrote: > Hello. > > I see a debate is starting to arise on the benefits of including the EPEL key > in RHEL. The problem I originally wanted to solve when I proposed this, was > to avoid the chicken-egg problem with how to trust the epel-release package > that contains the EPEL key if you don't already have the key. But yes, there > is the problem of keeping the keys in sync. > In my opinion it doesn't make much sense to sign a package with a key that > is contained in that very package. So what other approaches are there? Would > it be possible to have epel-release signed by the RHEL key? Would EPEL want > to? Would Red Hat do it if asked nicely? > > /David > David, that is an excellent point. I will follow up with that next week. (Travelling this week).
stahnma > > > _______________________________________________ > epel-devel-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/epel-devel-list > _______________________________________________ epel-devel-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/epel-devel-list
