[CentOS-devel] repo_gpgcheck for centos repos?
Johnny Hughes
johnny at centos.orgFri Sep 4 14:08:55 UTC 2020
- Previous message: [CentOS-devel] repo_gpgcheck for centos repos?
- Next message: [CentOS-devel] repo_gpgcheck for centos repos?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 9/3/20 2:40 PM, Leon Fauster via CentOS-devel wrote: > Hi, > > I wonder if it would be not beneficial enabling repo_gpgcheck for all > centos repos? A short cross check shows that also SIG repos have > repomd.xml signed. mirror.centos.org has no TLS enabled and > repo_gpgcheck would add an additional security layer per default? > This could be started for EL8? Or are there any barries? > > -- It is on almost all repos .. C6, c7, and c8 The reason mirror.centos.org is not https is many machines are donated .. and could be taken away 9reclaimed) by the donors, who have physical control of the machines. We don't want 'private' keys on those donated machines and the reason we created repo_gpgcheck repos. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20200904/dd9cca0e/attachment.sig>
- Previous message: [CentOS-devel] repo_gpgcheck for centos repos?
- Next message: [CentOS-devel] repo_gpgcheck for centos repos?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS-devel mailing list