[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Draft Proposal: Spin Submission and Approval Process

On Tue, 2008-03-04 at 12:23 -0900, Jeff Spaleta wrote:
> >  What are the signatures you're referring to here?
> I guess I meant signed checksums, using an individual's gpg key (Not
> any of the keys the fedora project is using).  If people are going to
> link to external images, I want to make sure we have some basic
> verification available that its the image people are expecting to
> find.

Ok, it brings up another point though.  We don't currently have a way of
verifying that the content in the Live image actually came from signed
rpms.  Some people may want that, especially if they're going to be
built and offered outside the Fedora infrastructure and not signed by
Fedora keys.  More tools needed I suppose :/

Jesse Keating
Fedora -- All my bits are free, are yours?

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]