On Thu, 2017-07-13 at 00:36 +0200, Kevin Kofler wrote:
Koji will take care of the signing for Flatpaks
built in Koji as it does for RPMs built in Koji.
Sigul[0] is actually the system that signs the packages. They are
placed into a Koji tag when they need to be signed, and when Sigul is
done signing them it moves them into a new Koji tag.
[0] https://pagure.io/sigul