[CentOS-devel] srpms for RHEL 7

Tue Jun 10 23:15:55 UTC 2014
Karanbir Singh <mail-lists at karan.org>

On 06/10/2014 11:58 PM, Connie Sieh wrote:
> In the expected place for srpms for RHEL7 there is a README
> 
> ftp.redhat.org:/redhat/linux/enterprise/7Server/en/os/README
> 
> It's contents are
> 
> ----------------------------------------------------------------------------
> Current sources for Red Hat Enterprise Linux 7 have been moved to the 
> following
> location:
> 
> https://git.centos.org/project/rpms
> ----------------------------------------------------------------------------
> 
> Who/what is populating this area?

Questions about RHEL and what / how they do their thing need to be sent
their way.

> How are updates to packages handled?  Do they go straight to 
> https://git.centos.org/project/rpms/ as the updates are published by 
> RedHat?
> 
> Does CentOS modify any of these packages?

our process in centos.org starts with the git repos, just as anyone
else's would be.

> Since it is implied that this "represents" the "srpm" for a given RHEL 
> package (given the above README from ftp.redhat.com) how do I know it has 
> not been tampered with?

same way as any other code, you'll need to build and work with your
level of trust here. This is the code we are consuming, if you need and
want signed content, we will be publishing signed srpms as a part of the
CentOS release process, you might prefer to track that instead.

regards


-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc