You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Force all repository data to be fetched over HTTPS. especially the metadata.
Add signing key to some location that is only accessible over HTTPS
Tell users to install the pygpgme package if they wish to have yum verify signatures (it doesn't by default?!?!) (Note: As far as I can tell, EPEL isn't required for pygpgme, but I didn't try. That entire site may be bullshit.)
.repo file
Set gpgcheck=1
Set repo_gpgcheck=1
Set gpgkey=https://overviewer.org/location/of/our/public/signing/key
Inform people of this change. It is not breaking since the .repo file is used locally, but people may wish to use signatures.
misc primary.xml
Change <rpm:vendor> from Andrew Brown <[email protected]> to something less broken and more relevant.
Change <url> from http://overviewer.org to https://overviewer.org
repomd.xml
After createrepo, do gpg --detach-sign --armor repodata/repomd.xml. yum will automatically fetch the created repodata/repomd.xml.asc.
