I can see that the RPM packages are signed with GPG key ID 5ddbe8d434fa74dd but I can not find the key anywhere. Please could you provide the GPG key on the web as you did for DEB packages?
It _should_ be available from the standard keyservers. If it's not for some reason, you can grab a release rpm and unpack it to get the key with something like:
rpm2cpio nodesource-release-fc24-1.noarch.rpm | cpio -ivd
and it will be one of the files that gets unpacked.
Users shouldn't need to get the GPG key from a key server or extract it from RPM. The key should be available for download from your page in the same way as it's for the Debian packages.
Please expose the GPG key on your web in order users can freely download it without any additional complications.
Request to reopen..
I really do not understand why the GPG signing key is not published in the same way as the GPG signing key for Debian packages already is..
Please define "standard keyservers" - I didn't find it anywhere - Even not on the Ubuntu keyservers
And please explain your decision to close this request without any further actions..
Current Situation:
The installation method for nodejs under RHEL is horrible. Curling a bash script and pipe it to a root shell... Seriously? Disgusting!
Requirement:
We use Configuration Management to provisionize repository configurations. As we need to provide a GPG Key for the yum repository configuration we need to grab it from at least somewhere.
Definition of Done:
Host the GPG signing key for RPM packages the same way you are doing it for DEB packages.
Debian: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
RHEL (proposed): https://rpm.nodesource.com/gpgkey/nodesource.gpg.key
Please define "standard keyservers" - I didn't find it anywhere - Even not on the Ubuntu keyservers
gpg --keyserver ha.pool.sks-keyservers.net --recv-key 5ddbe8d434fa74dd
gpg: key 5DDBE8D434FA74DD: public key "NodeSource <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
Most helpful comment
Request to reopen..
I really do not understand why the GPG signing key is not published in the same way as the GPG signing key for Debian packages already is..
Please define "standard keyservers" - I didn't find it anywhere - Even not on the Ubuntu keyservers
And please explain your decision to close this request without any further actions..
Current Situation:
The installation method for nodejs under RHEL is horrible. Curling a bash script and pipe it to a root shell... Seriously? Disgusting!
Requirement:
We use Configuration Management to provisionize repository configurations. As we need to provide a GPG Key for the yum repository configuration we need to grab it from at least somewhere.
Definition of Done:
Host the GPG signing key for RPM packages the same way you are doing it for DEB packages.
Debian: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
RHEL (proposed): https://rpm.nodesource.com/gpgkey/nodesource.gpg.key