Should Fedora rpms be signed?

Alexandre Oliva aoliva at redhat.com
Tue Oct 26 20:44:32 UTC 2004


On Oct 26, 2004, Elliot Lee <sopwith at redhat.com> wrote:

> On Tue, 26 Oct 2004, nodata wrote:
>> Packages for Fedora Core test (rawhide) aren't always signed.
>> 
>> Why?

> If you can come up with a script to sign .rpm's without typing in a
> password, I'll be happy to look at it.

That's easy.  AFAIK, you could just have a signing key without a
passphrase, or have the passphrase encoded in plain text in an expect
script that runs rpm --resign.  But would you really want to do that?

-- 
Alexandre Oliva             http://www.ic.unicamp.br/~oliva/
Red Hat Compiler Engineer   aoliva@{redhat.com, gcc.gnu.org}
Free Software Evangelist  oliva@{lsd.ic.unicamp.br, gnu.org}




More information about the fedora-test-list mailing list