On Mon, 30 Jul 2007, Ray Van Dolson wrote:
I understand how a lot of it "went down" (saw the meetings and am on the lists as well), I'm just wondering if that aside (I know, hard to do :), could there feasibly be an RPM-based solution to this that would make repo-tags obsolete?
'could be'? Sure. Check the package signing key against a well maintained index of the same, posibly on an automated basis with a small tool-let (TUI and widget). Have a well maintained central archive to query against, which accepts new keys countersigned with a GPG key off record at a public keyserver, from a person in a chain of trust/chain of 'known'. Lock the network down with a CACert CA mediated SSL layer.
Likely to happen? dunno -- step up and write it. I cannot write it for free. There have been proposals along these lines in one form or another, and the widget hasn't happened yet.
Until then, externally visible repotags were the next best option. But they are 'unsightly' to the Red Hat person quoted, as they "clutter up the namespace". Fine. He wins. We all lose.
Tech support load sauce for the goose works on the gander as well. I assume Dag and Axel will have to send people away when it is EPEL is present or conflicting for load management.
-- Russ Herrold _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
