[users] Why RepoForge RpmForge not available?
dag at wieers.com
Mon Sep 23 17:49:38 CEST 2013
On Mon, 23 Sep 2013, Nico Kadel-Garcia wrote:
> Let us know if there's anything we can do to help out, or help get package
> updates flowing into RPMforge again.
It was discussed off-list a few times over the past 3 years. I don't mind
someone else continuing the repository. My only concern is that signing
with my key (my name is related to that key) is not an option to me if I
didn't build and verified the build myself.
So if the builds move to someone else (or more than one person), it should
be signed with a different key. At first I didn't want this change to be
something that happened automatically (as changing trust is something that
should be a decision).
But since the situation is now probably worse than if David would be
updating the packages, I am fine with simply making the RPM print a
message if it moves from the old key to newer keys. So people are aware
that this change has taken place.
So for me the only thing that I am needed for to make this change happen:
- Sign the new rpmforge-release package with my key, which includes
David's key (or a project key ?)
(- And paying for the infrastructure ;-))
David already has access to the main mirror afaik, so in theory he could
push new packages directly to the main mirror, but without the key being
distributed in advance this obviously makes no sense.
BTW In the past the PPC builds were signed exclusively by Fabian, and the
Fedora/Aurora builds were signed exclusively by Dries. So we already
allowed some people to sign RPMs, but it was strictly for different
architectures/releases. We never mixed signing keys for a single
repository, so you trusted only one person who was responsible for the
For me that was always very important, because if you install an RPM
package, you basically trust your complete system to the person that
created the package ! I have earned that trust by a lot of people, and I
probably broke that trust by failing to build these updates.
Although I never promised to keep doing this indefinitely, I also never
decided to stop doing it, it just happened slowly. Because of many things
happening around the same time: CentOS burnout, two kids, house
renovations, freelancing, ... And I don't feel good about this situation
either, trust me.
-- dag wieers, dag at wieers.com, http://dag.wieers.com/
-- dagit linux solutions, contact at dagit.net, http://dagit.net/
[Any errors in spelling, tact or fact are transmission errors]
More information about the users