Bug 432811
Summary: | We should ship the EPEL gpg key in RHEL | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | David Juran <djuran> |
Component: | redhat-release | Assignee: | Dennis Gregorovic <dgregor> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 5.3 | CC: | dennis, dmach, duck, herrold, inode0, mikem, riek, smooge |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-09-25 17:16:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David Juran
2008-02-14 15:41:32 UTC
Actually, why do you include the fedora and fedora-test keys? Right now I would rather see those removed. (In reply to comment #2) > Actually, why do you include the fedora and fedora-test keys? Right now I would > rather see those removed. I've created bug #460915 to track that request. Change checked into CVS. RPM-GPG-KEY-EPEL should appear in the 5.3 redhat-release package. the correct way to install the GPG key and configure the repos is to grab the epel-release package from a mirror. and manually rpm install it. then everything just works. https://fedoraproject.org/wiki/EPEL/FAQ#howtouse its been the recommended way since day 1 of EPEL shipping the key in redhat-release means that it will conflict with epel-release if for some reason the key needs to be changed in the future. the only way it makes sence to ship the epel key in redhat-release is if it also ships the .repo files for epel and then if the key needed changing redhat-release would need an update. I personally stongrly believe this is something better left with status quo. I agree with Dennis. I'm guessing this request originated with someone who installs epel packages piecemeal and does not add the repo files (otherwise I don't see how having the key without the repo info is much help). I'm not sure we should be encouraging such behavior. If a customer installs epel packages, they should probably keep up with the corresponding epel updates. As EPEL SIG chair, I agree with Dennis. If Red Hat is going to ship the EPEL key, please do so within the epel-release package. That way if the keys are updated, invalidated etc they can be updated via a known process. I say this because we are looking if we need to update our keys in line with the recent Red Hat issue. If we do so, then they keys that you have are not in sync anymore. Thanks Stephen Smoogen Wouldn't it be better to have some key-signing hierarchy instead of shipping the actual keys? Ok, it seems that my comment 9 does not make a whole lot of sense. So based on that I think it would be better to NO include the EPEL (or Fedora) keys and instead have users really use epel-release. I agree with Daniel. Closing bug. |