Draft Proposal: Spin Submission and Approval Process
Josh Boyer
jwboyer at gmail.com
Tue Mar 4 21:29:51 UTC 2008
On Tue, 4 Mar 2008 12:23:05 -0900
"Jeff Spaleta" <jspaleta at gmail.com> wrote:
> On Tue, Mar 4, 2008 at 12:17 PM, Jesse Keating <jkeating at redhat.com> wrote:
> > On Tue, 2008-03-04 at 11:57 -0900, Jeff Spaleta wrote:
> > > The Fedora community will have access to approved kickstart files so
> > > that they can make local builds of the spins as needed (through cvs,
> > > website, and perhaps as a package). If a spin maintainer has the
> > > ability to host their own spin binary images, they will be allowed to
> > > link to such binaries (and signatures) from the community contributed
> > > spins once the peer group of Spin Maintainers certifies that the
> > > signatures for the binaries are correct.
> >
> > What are the signatures you're referring to here?
>
> I guess I meant signed checksums, using an individual's gpg key (Not
> any of the keys the fedora project is using). If people are going to
> link to external images, I want to make sure we have some basic
> verification available that its the image people are expecting to
> find.
Except spins are done off of released versions of Fedora. Which means
the packages they use are already signed with the Fedora key.
josh
More information about the fedora-advisory-board
mailing list