I personally think the best option is just to use the EPEL repos as
external repos and to require epel-release in repos where you require
epel package to be installed.

That way they remain totally independent and we don't have multiple
copies of the same rpms and ENVRs with different signatures / keys.