[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Development to Official



On Do Oktober 25 2007, Jesse Keating wrote:

> A) signing packages.  This can somewhat be mitigated by using a signing
> server (which work is developing on), however for a while I'm not going
> to feel comfortable hooking up some automated process to sign packages.

What is the problem with an automated signing process?[1] It cannot be worse 
than the current situation where rawhide rpms are only available in unsecure 
ways for the common user. When the ssl certificate for koji is changed to one 
from a trusted ca, then at least they are available there, but it is still a 
lot more work than to just using a mirror. And I guess it is not intended to 
use koji as a repository.

Regards,
Till

[1] Of course one should not use the same key that is used for stable rpms.

Attachment: signature.asc
Description: This is a digitally signed message part.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]