[
https://issues.apache.org/jira/browse/CASSANDRA-14968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16750077#comment-16750077
]
Michael Shuler commented on CASSANDRA-14968:
--------------------------------------------
Keep it simple. We do 2 things with rpms: we sign the packages, we sign the
repository metadata. I have no idea without testing in a scratch repo at
bintray if those can be different signatures, if the existing rpm signature is
overwritten, etc.
What I did test was installing ignite from the instructions on their download
page. The repository metadata is signed by bintray key, and yes, the metadata
would need to be created after packages are upload, then that metadata would be
signed by the bintray key after that step.
> Investigate GPG signing of deb and rpm repositories via bintray
> ---------------------------------------------------------------
>
> Key: CASSANDRA-14968
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14968
> Project: Cassandra
> Issue Type: Bug
> Reporter: Michael Shuler
> Priority: Major
> Labels: packaging
>
> Currently, the release manager uploads debian packages and built/signed
> metadata to a generic bintray repository. Perhaps we could utilize the GPG
> signing feature of the repository, post-upload, via the bintray GPG signing
> feature.
> https://www.jfrog.com/confluence/display/BT/Managing+Uploaded+Content#ManagingUploadedContent-GPGSigning
> Depends on CASSANDRA-14967
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
