Signing built RPMs or how to create signed RPMs.
Oliver Falk
oliver at linux-kernel.at
Tue Dec 14 20:45:48 UTC 2010
Am 14.12.2010 21:33, schrieb Mike McLean:
> On 12/14/2010 03:00 PM, Oliver Falk wrote:
>> Just want to mention, that sigul might be a bit too much effort for a
>> private (or even corporate) koji setup...
>
> I'm not sure that's true. Koji is already a pretty complex system. sigul
> is not that much more work. I think it just needs better documentation.
From a security point of view, you are totally right. If you already
use koji and did this complex setup, there's really no reason to not
also do the sigul setup. In the world of virtual machines, a small
signing host, might not be a big stunt anyway.
-of
More information about the buildsys
mailing list