On 10/05/2021 18:08, Johnny Hughes wrote: > On 5/7/21 8:15 AM, Matthew Miller wrote: >> On Fri, May 07, 2021 at 08:07:12AM +0200, Fabian Arrotin wrote: >>> So we have two solutions and the easiest/fastest one is probably just to >>> import pkgs in koji and SIG can just tag-build what they want/need >>> (including cherry-picking ENVR) but with the downside effect of pkg >>> signed with a different gpg key (and so my original question to Fedora : >>> is that allowed ?) >> >> I don't *think* that would be a problem. It's too bad RPMs can't have >> multiple signatures. >> >> But wouldn't cherry-picking ENVR cause problems if a system has EPEL >> enabled? >> > > I personally think the best option is just to use the EPEL repos as > external repos and to require epel-release in repos where you require > epel package to be installed. Sure, that would solve part of the problems SIGs asked initially to solve by just importing builds but other problems would then remain : - no way for them to tag a particular ENVR (that they can test and control in their tags) - still a need to rebuild EPEL pkgs (like for infra tags, etc) FWIW, Aoife said (in SIG-infra meeting today, https://centos.org/minutes/2021/May/centos-meeting.2021-05-10-14.03.html) that she'll reach out to Fesco to see if they agree on the "let's import and redistribute - part/tagged pkgs - Epel pkgs through cbs.centos.org" for SIGs OTOH, if all that is complicated (to find an agreement/policy), we can just continue like before : letting SIGs rebuild epel pkgs in cbs.centos.org and move on (and close RFE tickets about this on the infra tracker) :) -- Fabian Arrotin The CentOS Project | https://www.centos.org gpg key: 17F3B7A1 | twitter: @arrfab