> Date: Wed, 3 Feb 2016 05:12:04 +0000 > From: [email protected] > To: [email protected] > Subject: Re: [RedSleeve-Users] Yum & Signed Packages in 7 > > I've been thinking about this. Jacco, how does this sound: > 1) You produce a key pair and sign all the packages on your side. > If you put the public key there, then we can have signed packages > working for the testing repositories which will probably make > people feel less concerned about it. Sigul Signing server is a perfect > solution for signing RPM in a secure way.It is incorporated in the Koji setup > I am designing :)(You don't need Koji to use sigul). > One way to do this could be to have a redsleeve-testing-release package > corresponding to the testing repository. > > 2) Once things have been more thoroughly tested, I'll re-sign them > whth the release version key. Sounds fine by me. BRBjarne
_______________________________________________ users mailing list [email protected] https://lists.redsleeve.org/mailman/listinfo/users
