--- On Mon, 2/1/10, Till Maas <opensou...@till.name> wrote:
> From: Till Maas <opensou...@till.name>
> Subject: Re: How are Fedora RPM packagess verified in RPMFusion buildsys?
> To: "RPM Fusion developers discussion list"
> <rpmfusion-developers@lists.rpmfusion.org>
> Date: Monday, February 1, 2010, 3:57 AM
> Hiyas,
>
> On Wed, Jan 13, 2010 at 02:42:26PM +0100, Till Maas wrote:
>
> > I just wondered how the RPM packages from Fedora used
> in RPMFusion
> > buildroots are verfied on the RPMFusion builders.
> Fedora uses direct
> > access to the RPM packages via a secure channel afaik,
> but since
> > RPMFusion does not use Fedora infrastructure, this
> seems not to be
> > possible. Also I did not found the typical RPM message
> about importing
> > the GPG key that is usually displayed on my local mock
> builds in the
> > RPMFusion build roots. Therefore I fear that the RPMs
> are not verified
> > at all, but please don't let this be true.
>
> except for a answer about the default mock config, there
> was no reply to
> this within two weeks. So I conclude that they are very
> likely not
> verified and nobody cares, thats bad. :-(
>
> Regards
> Till
>
Thank you for your concern. I honestly don't know the answer to your question.
I'm not an official contributor to either Fedora or RPMFusion, just read the
list to keep up with package progress. I do know that unlike Fedora, which has
a lot of Red Hat Employees putting things together and keeping things moving,
this is a volunteer project, and things do tend to move VERY slowly. I've seen
review requests that sit for months. I'm sure someone here does know for sure,
but it may take some time. Also, the "Leadership" structure of this project
might be in a state of flux, as some changed in how the project is lead have
been brought up. The point being is to please remain patient, and someone will
be able to answer your question.
Regards,
John
