We were setting up gitlab; one of our standards is to ensure that RPMs are signed.
In reviewing the repo for gitlab-ce it seems that the repo is signed but not the packages them selves. Here is repo config: [gitlab_gitlab-ce] > name=gitlab_gitlab-ce > baseurl=https://packages.gitlab.com/gitlab/gitlab-ce/el/6/$basearch > repo_gpgcheck=1 > gpgcheck=0 > enabled=1 > gpgkey=https://packages.gitlab.com/gpg.key > sslverify=1 > sslcacert=/etc/pki/tls/certs/ca-bundle.crt repo_gpgcheck tells yum whether or not it should perform a GPG signature check on the repodata from this repository. gpgcheck tells yum whether or not it should perform a GPG signature check on the packages gotten from this repository. We were wondering if anyone knows why the omnibus RPM is not being signed by gitlab, but the repo metadata is? Was this intentional or is this something we could request for the community addition? Thank you. -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to gitlabhq+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/6d1cd432-5518-4270-84bd-b69b3df7e3da%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
