On Thu October 25 2007, Jesse Keating wrote:
> A) signing packages. This can somewhat be mitigated by using a signing
> server (which work is developing on), however for a while I'm not going
> to feel comfortable hooking up some automated process to sign packages.

What is the problem with an automated signing process? It cannot be worse than the current situation where rawhide rpms are only available in insecure ways for the common user. When the SSL certificate for koji is changed to one from a trusted CA, then at least they are available there, but it is still a lot more work than just using a mirror. And I guess it is not intended to use koji as a repository.

Regards,
Till

Of course one should not use the same key that is used for stable rpms.