On Thu, Sep 18, 2008 at 1:43 PM, Michael DeHaan <[EMAIL PROTECTED]> wrote: > Stephen John Smoogen wrote: >> >> On Thu, Sep 18, 2008 at 1:10 PM, Mike McLean <[EMAIL PROTECTED]> wrote: >> >>> >>> Stephen John Smoogen wrote: >>> >>>> >>>> I do agree we need to start from somewhere. I think we should start >>>> from the redhat key since that is one that is locked on lots of cdrom >>>> media etc for people to trust against. After that, we should have the >>>> EPEL key signed by that one and then the resulting fingerprints >>>> published in appropriate places. >>>> >>> >>> o boy. That sounds like a tall order. We'll have to ask pm and legal >>> about >>> that one. >>> >>> At any rate, I don't think the signing you suggest will make installing >>> epel-release any easier for anyone. >>> >>> >> >> In the end its not about making the install easier. Its more about >> trust of that installation. If the Fedora Keys are signed by the Red >> Hat master GPG key... should EPEL be also signed if it is being used >> for various Red Hat projects (spacewalk-0.3, cobbler, etc). >> >> >> > > Slight clarification -- Any products resulting from the above projects will > likely have their bits for RHEL end up distributed through RHEL channels > (i.e. RHN). I can't speak to Spacewalk though, but Cobbler will still be > available in EPEL regardless. I like EPEL, it's great and full of some > nice software, but Red Hat does not support bits from EPEL, so we can't > source the bits from there. Spacewalk is probably considered a "layered" > product, so I'm not sure what the stance on that in EPEL is -- Free IPA /is/ > in Fedora, however, and we have had the previous discussion about other bits > on this list. Either way, I'm not an authority on the above :) > > That all being said, I'd love to see the packages from EPEL signed in some > form as there are a /lot/ of users using those same apps straight from EPEL, > support or no -- they use them and they should be signed. This has nothing > to do with whether or not they are to be used for Red Hat things or > otherwise, it's just a good thing to do since people depend on those repos. > > As for distributing an epel-release with RHEL, I'm not sure if that would > happen or not as EPEL doesn't come with support. I probably would not > expect that to occur, but I think lots of folks do know about EPEL if they > want to use it.
Actually I think having epel-release in RHEL would be bad for the same reasons.. I just prefer it over having the epel keys there for no reason :). -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" _______________________________________________ epel-devel-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/epel-devel-list
