On Fri, 2009-12-11 at 08:20 -0800, Adam Williamson wrote: > On Fri, 2009-12-11 at 10:53 -0500, James Laska wrote: > > > Not sure if this has been raised yet, but are we specifying when in the > > release that packages should be signed with a valid signature? I > > believe packages are signed at all release milestones, but I'd like to > > clear up that assumption. > > Do you think that's a criteria issue, i.e. something to which there's an > innate correct answer which can be defined and which shouldn't change? > I'd think of it more as a process issue, but IMBW. Yeah, that's my question ... is there an assumption that all packages will be signed? Does this assumption need to be validated? Looking at our current test plans for the release, I don't see anything where we confirm that packages are properly signed. Should we be testing this, and if so ... does it map back to a specific release criteria?
Description: This is a digitally signed message part