>From Beaker 23.0 onwards, the Git tags for Beaker releases are GPG signed. The list of committers' GPG keys is now published here:
https://beaker-project.org/gpg/ For the time being, individual Git commits are not being (rigorously) signed, due to the fact that we use Gerrit's Rebase-if-necessary strategy which discards the commit signatures in most cases. There doesn't seem to be any solution for this. The Yum repos for server packages now also contain GPG-signed RPM packages. The RPM signing key is also published on the page above. I've updated the .repo configs we publish to refer to the new GPG key: https://beaker-project.org/yum/beaker-server-RedHatEnterpriseLinux.repo [beaker-server] name=Beaker Server - RedHatEnterpriseLinux$releasever baseurl=https://beaker-project.org/yum/server/RedHatEnterpriseLinux$releasever/ enabled=1 gpgcheck=1 gpgkey=https://beaker-project.org/gpg/RPM-GPG-KEY-beaker-project If you are consuming server packages from beaker-project.org you may wish to update your Yum configuration as above to enable GPG signature checking. Note that only the server repo is signed. The server-testing repo contains unsigned packages. The client repo is also unsigned but we will work towards switching this over to be signed in future. -- Dan Callaghan <dcall...@redhat.com> Senior Software Engineer, Products & Technologies Operations Red Hat
signature.asc
Description: PGP signature
_______________________________________________ Beaker-devel mailing list beaker-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/beaker-devel@lists.fedorahosted.org
