Hi Mickael,
On Fri, 23 Apr 2021 at 08:32, Mickael Istria <mist...@redhat.com> wrote: > Hi all, > > Thanks to Mikael (Barbero) for encouraging exclusion of any automated form > of trust at the moment, we're making some concrete progress here: > * artifacts provider can now attach PGP signatures to the p2 metadata and > p2 will ensure all those signatures are correct for the given artifact when > downloading it; installation will fail early if a signature is incorrect. > For the moment, public keys for verification current are also to be placed > in p2 metadata. > https://www.eclipse.org/eclipse/news/4.20/platform_isv.php#pgp-signature-verification > In the above link, what is the difference between artifact metadata and artifact repository? I feel like I am missing knowledge of some of the terminology. Thanks, Jonah >
_______________________________________________ platform-dev mailing list platform-dev@eclipse.org To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/platform-dev
