[CentOS] Re: Mixing RPMforge and EPEL (Was: EPEL repo)
R P Herrold
herrold at owlriver.com
Mon Jul 30 22:44:47 UTC 2007
On Mon, 30 Jul 2007, Ray Van Dolson wrote:
> I understand how a lot of it "went down" (saw the meetings
> and am on the lists as well), I'm just wondering if that
> aside (I know, hard to do :), could there feasibly be an
> RPM-based solution to this that would make repo-tags
'could be'? Sure. Check the package signing key against a
well maintained index of the same, posibly on an automated
basis with a small tool-let (TUI and widget). Have a well
maintained central archive to query against, which accepts new
keys countersigned with a GPG key off record at a public
keyserver, from a person in a chain of trust/chain of 'known'.
Lock the network down with a CACert CA mediated SSL layer.
Likely to happen? dunno -- step up and write it. I cannot
write it for free. There have been proposals along these
lines in one form or another, and the widget hasn't happened
Until then, externally visible repotags were the next best
option. But they are 'unsightly' to the Red Hat person
quoted, as they "clutter up the namespace". Fine. He wins.
We all lose.
Tech support load sauce for the goose works on the gander as
well. I assume Dag and Axel will have to send people away
when it is EPEL is present or conflicting for load management.
-- Russ Herrold
More information about the CentOS