Re: F37 Change: Signed RPM Contents (System-Wide Change proposal)
== Detailed Description ==
During signing builds, the files in it will be signed with IMA signatures.
These signatures will be made with a key that's kept by the Fedora
Infrastructure team, and installed on the sign vaults.
I wonder, does this have measurable effect on the time it takes to
build a package? That could make the package signing service (sigul?
robosignatory?) a new bottleneck for package builds ...
There are packages that contain lots of small files, so I think it's
safe to assume that signing them would take longer than it does now.
But how much longer? Do you have an estimate?
Fabio