#6267: sign ostree commits
------------------------------+-----------------------
Reporter: walters | Owner: rel-eng@…
Type: task | Status: new
Milestone: Fedora 23 Final | Component: koji
Resolution: | Keywords:
Blocked By: | Blocking:
------------------------------+-----------------------
Comment (by ausil):
Replying to [comment:5 jgreguske]:
Can we change this conversation from "we have two options and
they both
suck", to "we (Fedora Rel-Eng) need X things to have a third
option that
does not suck"? :)
Rawhide isn't signed because of signing-system limitations, not because
of
policy, right? What do we need to enable that? And if something else
wants to be signed after meeting some minimum bar, we could handle that
case too.
Sure, I was giving the options available that I think we can realisticly
deliver in the short to medium term. the signing software has not
realistically been actively worked on ever and has not had a commit at all
since 2012
https://git.fedorahosted.org/cgit/sigul.git/log/ we have not
been sucessful in getting anyone to be able to work on it despite multiple
attempts.
We do have a policy of not doing detatched signatures which we would have
to change, unless atomic gained the ability to support inline signatures.
To me the main blocker in implementing this is fixing sigul to be more
reliable and to enable a way to provide authentication via a means other
than a manual password entry.
--
Ticket URL: <
https://fedorahosted.org/rel-eng/ticket/6267#comment:10>
Fedora Release Engineering <
http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project