On Thu, 2017-07-13 at 00:36 +0200, Kevin Kofler wrote:
Koji will take care of the signing for Flatpaks
built in Koji as it does for RPMs built in Koji.
Sigul is actually the system that signs the packages. They are
placed into a Koji tag when they need to be signed, and when Sigul is
done signing them it moves them into a new Koji tag.