[ https://issues.apache.org/jira/browse/CASSANDRA-14968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16750077#comment-16750077 ]
Michael Shuler commented on CASSANDRA-14968: -------------------------------------------- Keep it simple. We do 2 things with rpms: we sign the packages, we sign the repository metadata. I have no idea without testing in a scratch repo at bintray if those can be different signatures, if the existing rpm signature is overwritten, etc. What I did test was installing ignite from the instructions on their download page. The repository metadata is signed by bintray key, and yes, the metadata would need to be created after packages are upload, then that metadata would be signed by the bintray key after that step. > Investigate GPG signing of deb and rpm repositories via bintray > --------------------------------------------------------------- > > Key: CASSANDRA-14968 > URL: https://issues.apache.org/jira/browse/CASSANDRA-14968 > Project: Cassandra > Issue Type: Bug > Reporter: Michael Shuler > Priority: Major > Labels: packaging > > Currently, the release manager uploads debian packages and built/signed > metadata to a generic bintray repository. Perhaps we could utilize the GPG > signing feature of the repository, post-upload, via the bintray GPG signing > feature. > https://www.jfrog.com/confluence/display/BT/Managing+Uploaded+Content#ManagingUploadedContent-GPGSigning > Depends on CASSANDRA-14967 -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org