On Mon, 20 Jan 2014 09:11:48 -0500 Matthew Miller <mat...@fedoraproject.org> wrote:
> On Fri, Jan 17, 2014 at 03:42:34PM -0700, Kevin Fenzi wrote: > > > My thoughts are these (in no particular order). > > > * Treat this branch like Rawhide. All builds targeted at this are > > > composed to a repo. Signing is nice, but not mandatory in my > > > opinion. > > It's pretty much impossible to sign rawhide style repos. ;) ...snip a bunch of stuff I agree with... Yes, sorry I was unclear here. It's pretty much impossible with our current signing setup to sign rawhide style repos. ;) sigul has no ability to do non interactive signing. You always have to provide it with a passphrase with the list of things to sign. There is a koji plugin to sign all built packages, but it stores gpg keys on the hub, passphrases in the koji config and is pretty much never going to be acceptable to upstream koji to add. Ideally we would have someone able to improve sigul so we could do some kind of unattended signing in specific cases (and lock that down as much as we can). Currently we don't have this. ;) kevin
signature.asc
Description: PGP signature
_______________________________________________ epel-devel mailing list epel-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/epel-devel