On Mon, Jan 18, 2010 at 12:35:43PM -0700, Kevin Fenzi wrote: > On Mon, 18 Jan 2010 19:59:20 +0100 > Till Maas <[email protected]> wrote: > > > > The mock config can be changed to not use this repo that only provides > > unsigned RPMs: > > http://buildsys.fedoraproject.org/buildgroups/rhel5/i386/ > > > > Then one can a lot easier enable gpgcheck in the mock config. > > Currently it involves downloading and auditing the rpms in above repo > > and mirror it locally. > > Perhaps we could just sign those packages? > (Possibly with a different key)?
I don't think that it would be easier, but if it is done, then please with the same key to kind of ensure that it is stored carefully. Here is btw the discussion from 2007 about the same issue but for Fedora: http://lists.fedoraproject.org/pipermail/devel/2007-June/104640.html Regards Till
pgpGqI4mlDrVr.pgp
Description: PGP signature
_______________________________________________ epel-devel-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/epel-devel-list
