https://sourceware.org/bugzilla/show_bug.cgi?id=28204
--- Comment #15 from Mark Wielaard <mark at klomp dot org> --- The basic idea having a collection of certs, and an signature for each file that is transported with the fetch operation that will be checked against those trusted certs is understandable. But I must admit that I am a little lost in the rpm and koji mechanisms to extract those signatures. How easy will it be to extend to other platforms that might store such signatures in different ways? -- You are receiving this mail because: You are on the CC list for the bug.
