[WBEL-devel] Package Keys (was Re: Open Letter...)
John Morris
jmorris@beau.org
Tue, 16 Dec 2003 22:21:14 -0600 (CST)
On Tue, 16 Dec 2003, William Hooper wrote:
> Could you clarify this paragraph? From what I've seen, up2date just
> relies on RPM's GPG checking which is already being used by a number of
> third party repositories for Red Hat Linux and Fedora Core. IMHO if it
> doesn't come from "Whitebox Enterprise Linux" it shouldn't be signed with
> the WB key.
Well as things stand now, WBEL really needs two keys. All of the binary
packages for the i386 port are signed with my key. Most of the SRPMS are
signed with Red Hat's key except for a few signed by mine and a pair
signed by Fedora. As non ia32 ports come into the fold their binaries
need to be signed by their maintainer. So up2date needs to be able to
import all of those keys instead of the current behaviour of just
importing the one Red Hat key.
Of course WBEL's up2date is importing the WB key even though the dialog
still says RH. Yea, I know. Didn't notice it till it would have been a
major PITA to restart the build process. Next update.
--
John M. http://www.beau.org/~jmorris This post is 100% M$ Free!
Geekcode 3.1:GCS C+++ UL++++$ P++ L+++ W++ w--- Y++ b++ 5+++ R tv- e* r