Development to Official

Till Maas opensource at till.name
Thu Oct 25 14:10:59 UTC 2007


On Thu October 25 2007, Jesse Keating wrote:

> A) signing packages.  This can somewhat be mitigated by using a signing
> server (which work is developing on), however for a while I'm not going
> to feel comfortable hooking up some automated process to sign packages.

What is the problem with an automated signing process?[1] It cannot be worse
than the current situation where rawhide rpms are only available in insecure
ways for the common user. When the SSL certificate for koji is changed to one
from a trusted CA, then at least they are available there, but it is still a
lot more work than just using a mirror. And I guess it is not intended to
use koji as a repository.

Regards,
Till

[1] Of course one should not use the same key that is used for stable rpms.