EPEL repo signing [was Re: Python 3 for 7?]

Kevin Fenzi kevin at scrye.com
Mon Jan 20 17:49:07 UTC 2014


On Mon, 20 Jan 2014 09:11:48 -0500
Matthew Miller <mattdm at fedoraproject.org> wrote:

> On Fri, Jan 17, 2014 at 03:42:34PM -0700, Kevin Fenzi wrote:
> > > My thoughts are these (in no particular order).
> > >  * Treat this branch like Rawhide. All builds targeted at this are
> > > composed to a repo. Signing is nice, but not mandatory in my
> > > opinion.
> > It's pretty much impossible to sign rawhide style repos. ;) 

...snip a bunch of stuff I agree with... 

Yes, sorry I was unclear here. 

It's pretty much impossible with our current signing setup to sign
rawhide style repos. ;) 

sigul has no ability to do non-interactive signing. You always have to
provide it with a passphrase with the list of things to sign.

There is a koji plugin to sign all built packages, but it stores gpg
keys on the hub, passphrases in the koji config and is pretty much
never going to be acceptable to upstream koji to add. 

Ideally we would have someone able to improve sigul so we could do some
kind of unattended signing in specific cases (and lock that down as
much as we can). Currently we don't have this. ;) 

kevin