#6286: Please sign all RC and TC images
--------------------------+-----------------------
Reporter: genodeftest | Owner: rel-eng@…
Type: enhancement | Status: reopened
Milestone: | Component: koji
Resolution: | Keywords:
Blocked By: | Blocking:
--------------------------+-----------------------
Comment (by robatino):
The problem was that every RC was being signed with the same key which was
intended to certify Gold releases (meaning that anyone verifying the
signature wouldn't be verifying that it was a Gold release, only that it
was one of the RCs, contrary to what the Verify page says). There wouldn't
have been a problem with signing the TCs/RCs with a separate key meant for
that purpose. Having said that, it may not be worth the trouble to sign
TCs/RCs since very few people use them, and Alpha/Beta/Final Gold, which
are used by many more people, do get signed. A relatively easy workaround
would be to make sure the TC/RC announcement is signed by someone well-
known, and to include all the image checksums in that announcement.
Although I'm not sure that's worth the trouble either.
--
Ticket URL: <
https://fedorahosted.org/rel-eng/ticket/6286#comment:5>
Fedora Release Engineering <
http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project