Hiyas, On Wed, Jan 13, 2010 at 02:42:26PM +0100, Till Maas wrote:
> I just wondered how the RPM packages from Fedora used in RPMFusion > buildroots are verfied on the RPMFusion builders. Fedora uses direct > access to the RPM packages via a secure channel afaik, but since > RPMFusion does not use Fedora infrastructure, this seems not to be > possible. Also I did not found the typical RPM message about importing > the GPG key that is usually displayed on my local mock builds in the > RPMFusion build roots. Therefore I fear that the RPMs are not verified > at all, but please don't let this be true. except for a answer about the default mock config, there was no reply to this within two weeks. So I conclude that they are very likely not verified and nobody cares, thats bad. :-( Regards Till
pgpgSdSMdGhYI.pgp
Description: PGP signature
