[
https://issues.apache.org/jira/browse/BIGTOP-1243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14126590#comment-14126590
]
Peter Linnell commented on BIGTOP-1243:
---------------------------------------
The proper way to add a signature with rpm is for us to use a signing key
signed by several members of the PMC, which authenticates the bits.
Then we would need to add an rpm which imports the keys properly into the rpm
key chain.
This is not difficult to do, but be aware the private key would need to be on
the build machines.
> Add Vendor and Signature in RPM information
> -------------------------------------------
>
> Key: BIGTOP-1243
> URL: https://issues.apache.org/jira/browse/BIGTOP-1243
> Project: Bigtop
> Issue Type: Improvement
> Components: rpm
> Affects Versions: backlog
> Reporter: Guo Ruijing
>
> Bigtop may be improved to include vendor and signature in RPM information.
> The vendor and signature should come from BOM and its value is not hard-coded.
> existing behavior:
> $ rpm -qi bigtop-jsvc-1.0.10-1.el6.x86_64
> Version : 1.0.10 Vendor: (none)
> Signature : (none)
> expected behavior:
> $ rpm -qi bigtop-jsvc-1.0.10-1.el6.x86_64
> Version : 1.0.10 Vendor: (Bigtop)
> Signature : (scm information)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
