[Gluster-users] Gluster EPEL _5_ packages not signed

Kaleb Keithley kkeithle at redhat.com
Fri Mar 7 04:09:07 UTC 2014


 
> 
> I saw that this issue has been raised before for staging packages, but I'm
> wanting to bring to the attention of the relevant people/person that the
> LATEST Gluster stable packages are also not signed. There are no contact
> details within the package headers (see below), so I can't simply email the
> package maintainer. In any case, there can be zero trust placed in these
> packages. There is a GPG key assigned to the repo. Why not use it?
> 
> 
> 
> # rpm -qpi /var/www/html/repo/gluster-epel-5-x86_64/glusterfs-fuse-3.4.2-1.el5.x86_64.rpm
> 
>

First off, it's only the el5 RPMs that are not signed.

They aren't signed because YUM install of signed packages on RHEL5 and CentOS5 barfs on the signature.

If you know how to sign el5 packages so that yum doesn't barf, please share.

--

Kaleb




More information about the Gluster-users mailing list