[OpenAFS] OpenAFS RPMs and GPG signatures

Alexander Boström abo@kth.se
Fri, 13 Jun 2008 16:29:50 +0200

fre 2008-06-13 klockan 08:26 -0400 skrev Jason Edgecombe:

> Would sucking them straight out of AFS make you feel any better? You can
> have the CellServDB entries hard-coded and the AFS folders can only be
> modified by someone who has access.

Yeah, that's what I'm doing now (though simply I'm trusting DNS and IP
routing). I sign the packages and put them in a local repository. That's
acceptable, in my book, from a security standpoint. (It's certainly
better than running yum with gpgcheck=0 on some random public wavelan.)
But it's yet another thing that needs to be done or automated and I'm
just hoping for a solution that could benefit everyone instead.

Anyway, maybe I should just publish my repo for everyone to use and be
done with it. I could try to populate it with packages for the latest
RHEL kernels too. But that just feels so wrong!