On Wed, 3 Sep 2014, R P Herrold wrote:

> On Wed, 3 Sep 2014, Nico Kadel-Garcia wrote:
>
>> It's quite galling: the current semi-manual re-assembly of
>> local branches, based on "git log" entries, is winding up
>> lauded as sufficient and superior because, frankly, it's the
>> only thing that's currently supported.
>
> Nico
>
> I get it -- you are unhappy about unsigned SRPMS.  I am
> located in the US and so readily subject of the reach the
> upstream as a target for litigation on perceived EULA / terms
> of use / etc violations.  I won't be exposing such a tool
> publicly, but then ...
>
> If you (seemingly offshore from the upstream) really cannot
> afford the funds for a subscription, and will do the coding of
> a mrepo / satellite / whatever proxy to retrieve the signed
> sources, please ... pass the hat, buy a subscription, and just
> sit down and write the code.  It would seem (but you should
> satisfy yourself) that your downside risk is that they will
> turn off such a subscription
>
> But is is not productive (for you) to carp over and over
> without taking steps to address your concern, nor (for others)
> reading mailing lists to wade through 're-runs' of your
> concern

So the solution is anonymous donations of signed SRPMS in an automated 
fashion ? Has Open Source come to this ? And to what end ?

Nico has a good point, and the only course of action is to make this 
absurd situation clear to the public. The only other two options are: 
paying and voiding you Red Hat contract or trusting Centos/infra/tooling.

If all this is done only to make RHEL and CentOS more compelling offerings 
(than Oracle Linux, Scientific Linux, ...), it does leave a bad taste :-/

-- 
Dag