Hi,
I saw that this issue has been raised before for staging packages, but I'm
wanting to bring to the attention of the relevant people/person that the LATEST
Gluster stable packages are also not signed. There are no contact details within
the package headers (see below), so I can't simply email the package
maintainer. In any case, there can be zero trust placed in these packages. There
is a GPG key assigned to the repo. Why not use it?
# rpm -qpi /var/www/html/repo/gluster-epel-5-x86_64/glusterfs-fuse-3.4.2-1.e
l5.x86_64.rpm
Name : glusterfs-fuse Relocations: (not relocatable)
Version : 3.4.2 Vendor: Fedora Project
Release : 1.el5 Build Date: Fri 03 Jan 2014 10:39:14
PM EST
Install Date: (not installed) Build Host: buildvm-26.phx2.fedorapr
oject.org
Group : Applications/File Source RPM: glusterfs-3.4.2-1.el5.sr
c.rpm
Size : 225484 License: GPLv2 or LGPLv3+
Signature : (none)
Packager : Fedora Project
URL : http://www.gluster.org/docs/index.php/GlusterFS
Summary : Fuse client
Description :
Regards,
Grant
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://supercolony.gluster.org/pipermail/gluster-users/attachments/20140307/de748be6/attachment.html>