On Mon, 2021-05-10 at 11:08 -0500, Johnny Hughes wrote: > On 5/7/21 8:15 AM, Matthew Miller wrote: > > On Fri, May 07, 2021 at 08:07:12AM +0200, Fabian Arrotin wrote: > > > So we have two solutions and the easiest/fastest one is probably > > > just to > > > import pkgs in koji and SIG can just tag-build what they > > > want/need > > > (including cherry-picking ENVR) but with the downside effect of > > > pkg > > > signed with a different gpg key (and so my original question to > > > Fedora : > > > is that allowed ?) > > > > I don't *think* that would be a problem. It's too bad RPMs can't > > have > > multiple signatures. > > > > But wouldn't cherry-picking ENVR cause problems if a system has > > EPEL > > enabled? > > > > I personally think the best option is just to use the EPEL repos as > external repos and to require epel-release in repos where you require > epel package to be installed. > > That way they remain totally independent and we don't have multiple > copies of the same rpms and ENVRs with different signatures / keys. This is probably the only time I miss the RPMv3 ability to have multiple signatures on a single RPM. Pat