On 27/06/2018 18:37, Patrick Boutilier wrote: >> Look at how EPEL/ELrepo/most other repositories do it. You provide a >> dell-release RPM, signed with their signing key, which is made >> available over >> HTTPS. >> >> First time you use it, you can download the release RPM, validate it >> to your >> satisfaction that it's legit, and put that into your internal repos, >> optionally resigning it or whatever else you'd like to do. >> >> Any changes Dell then want to make to their repositories they can >> release as >> an updated dell-release RPM, and nobody has to play games like this. > > That would be a good solution.
That wouldn't be just a good solution, it would be the best solution! I've just been reading all the messages in this thread, and I'm appalled at Chandrasekhar's (Dell's) response of telling folk to manually import some new key. It demonstrates a complete lack of understanding about managing systems and repositories. I'm asking Chandrasekhar/Dell: do you think everyone who uses the RPMs is on this list? For those who aren't on the list, how do you think they're supposed to find out about the solution? You need to start thinking about all the systems out there that are trying to update these tools and failing, and how you will allow for a graceful recovery from this f***-up. Telling folk here on this mailing list is NOT the solution; it's merely a temporary hack for those who choose to use it. it doesn't help all the others out there who're not on this list. I also have a case open with Dell support about this, but so far, no-one has come back to me with a solution. I hope Dell doesn't sign their dell.com domain with DNSSEC. They'll probably do key roll-overs just like this and screw it up too. A very annoyed user, Anand _______________________________________________ Linux-PowerEdge mailing list Linux-PowerEdge@dell.com https://lists.us.dell.com/mailman/listinfo/linux-poweredge
