Is there any security advantage in using Oracle’s EPEL repository instead of the original EPEL repository on my Oracle Linux installation?
Where does Oracle obtain the source code used to build the packages in its EPEL repository? Is it taken directly from the code published by the original software authors, or from the source published by the EPEL maintainers?
If it comes from EPEL, does Oracle have any process or routine to verify these sources in order to ensure that they haven’t been tampered with compared to the original upstream code (the one published by the original software authors)?