On Fri, 17 Jul 2015 17:28:48 +0000 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> wrote: > [In light of https://bugzilla.redhat.com/show_bug.cgi?id=1241383] > > 'dnf install --installroot=... --releasever=XX dnf' can be used to > bootstrap a Fedora chroot. The only snag is that --nogpg is often > recommended, because fedora-repos only provides the GPG keys for the > current and next release. > > It would be convenient (and safe!) to provide keys for past and > future releases, so such bootstrapping can be done without either > importing the keys manually and/or using --nogpg. > > I thought I'd ask here first: is there a strong reason *not* to > include those keys? So, I missed this thread, but saw it from the bug filed: https://bugzilla.redhat.com/show_bug.cgi?id=1246701 Several things here: * If we ship gpg keys for old eol Fedora releases, aren't we encouraging people to setup things we no longer support? * If we only ship supported releases in each fedora-repos package, it means more churn for that package for everyone as when a release goes EOL we would need to push a new update that removes the old EOL key. * As till pointed out, mock seems to already carry these keys, so some coordination here seems like a good idea no matter what we do. ;) * Can you describe the use case here a bit more? Why wouldn't you use mock (which has the keys already) to make a chroot? kevin
Attachment:
pgpkXwBPEaKIJ.pgp
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
