On Fri, 23 Dec 2016 12:43:42 +0100 Olaf Hering <[email protected]> wrote:
> What is the reason anyway for the resigning? Is there no chance to
> use the packman key in the Essential/Multimedia/Extra/Games project
> right away?
There are several reasons:
1. (a weak one) - History. Before Packman used OBS there was an own
rudimentary build system, which then needed a publication system. This
publication system is still used on packman.links2linux.org for
maintaining the web page and distributing everything to the mirrors.
2. Security: All packages are signed with the packman key in a secure
environment. The key stays on the signing machine, and only there.
3. Usability and ease of use: You cannot import arbitrary GPG keys
into OBS. Thus each and every project has its own key. Packman would
need 5 keys, Essentials, Multimedia, Games, Extra and the whole of
it in one repo. The combined repo has to be created separately
anyway, so all packages are resigned with the official Packman key.
Greetings,
Stefan
--
Stefan Botter zu Hause
Bremen
pgpNF2JiAgKd8.pgp
Description: OpenPGP digital signature
_______________________________________________ Packman mailing list [email protected] http://lists.links2linux.de/cgi-bin/mailman/listinfo/packman
