On Wed, Jun 11, 2008 at 7:43 PM, Simon Wilkinson <[EMAIL PROTECTED]> wrote: > > On 11 Jun 2008, at 15:24, Alexander Boström wrote: > >> Regarding the openafs.org RPMs, is there any chance of adding signatures >> to them? > > Who do you trust? > > It would be trivial to arrange that the RPMs are automatically signed by a > GPG key that lives on the build machine, with an unprotected private key. > > It's harder to arrange that they're signed by a key which requires manual > intervention - but it would be possible for them to be signed, for example, > by my GPG key. > > As for an OpenAFS key, who do you let sign packages with that key. What > happens if someone with access to that key then leaves the project, etc, > etc?
And this is why, incidentally, we haven't solved this yet. _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
