On 9/3/20 2:40 PM, Leon Fauster via CentOS-devel wrote:
Hi,
I wonder if it would not be beneficial to enable repo_gpgcheck for all CentOS repos? A short cross-check shows that SIG repos also have repomd.xml signed. mirror.centos.org has no TLS enabled and repo_gpgcheck would add an additional security layer by default? This could be started for EL8? Or are there any barriers?
--
It is on almost all repos ..
C6, C7, and C8
The reason mirror.centos.org is not https is that many machines are donated .. and could be taken away (reclaimed) by the donors, who have physical control of the machines. We don't want 'private' keys on those donated machines, and that is the reason we created repo_gpgcheck repos.
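An added example, not part of the thread: a small audit that reads `.repo` file content and reports enabled repositories that do not verify the `repomd.xml` signature, noting when their metadata also travels over plaintext HTTP. The function name `audit_repos`, the sample hosts and the sample file are constructed for illustration; the option names (`repo_gpgcheck`, `gpgcheck`, `baseurl`, `mirrorlist`, `metalink`, `enabled`) are the standard yum/dnf ones.

```python
import configparser

# Constructed sample .repo content (hypothetical hosts, not a real CentOS file).
SAMPLE = """\
[baseos]
baseurl=http://mirror.example.org/8/BaseOS/x86_64/os/
gpgcheck=1
repo_gpgcheck=0

[appstream]
mirrorlist=http://mirrorlist.example.org/?repo=AppStream
gpgcheck=1
repo_gpgcheck=1

[extras]
baseurl=https://mirror.example.org/8/extras/x86_64/os/
gpgcheck=1

[debuginfo]
baseurl=http://mirror.example.org/8/debug/
enabled=0
"""

ON = {"1", "true", "yes", "on"}
URL_KEYS = ("baseurl", "mirrorlist", "metalink")

def audit_repos(text, default_repo_gpgcheck="0"):
    """Map each enabled repo id to a list of findings (empty list = OK)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    report = {}
    for repo in cp.sections():
        sec = cp[repo]
        if sec.get("enabled", "1").strip().lower() not in ON:
            continue  # disabled repos are never fetched
        urls = " ".join(sec.get(k, "") for k in URL_KEYS).split()
        plaintext = any(not u.lower().startswith(("https://", "file://")) for u in urls)
        signed_md = sec.get("repo_gpgcheck", default_repo_gpgcheck).strip().lower() in ON
        findings = []
        if not signed_md:
            findings.append("repomd.xml signature not verified")
            if plaintext:
                findings.append("metadata fetched over plaintext without signature verification")
        report[repo] = findings
    return report

if __name__ == "__main__":
    for repo, findings in audit_repos(SAMPLE).items():
        print(repo, "->", findings or "ok")
```

Pass `default_repo_gpgcheck="1"` when `repo_gpgcheck=1` is set globally in the `[main]` section of the yum/dnf configuration, since repositories inherit that value unless they override it.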