#5870: rawhide signing
------------------------------+-----------------------
Reporter: kevin | Owner: rel-eng@…
Type: task | Status: new
Milestone: Fedora 21 Final | Component: koji
Resolution: | Keywords: meeting
Blocked By: | Blocking:
------------------------------+-----------------------
Comment (by till):
Replying to [ticket:5870 kevin]:
> We have talked a number of times about getting rawhide packages signed,
> but haven't been able to come up with a solution that is secure and meets
> our needs. We should try and do so. :)

To decide whether it is secure, we need to decide which threats we want
to protect against.

> * There is a koji plugin to sign all builds, but it's not implemented in
> a very nice way and stores its keys/passphrases in clear text files on
> the hub.

What can be improved in the plugin besides the passphrase storage? There
is no indication about improvements in the ticket I referenced, assuming
it is the plugin you meant.

> * Additional space would be taken up by more signed rpms/signatures.

Are the signatures that big that this is a problem? Or is this related to
the fact that the package might need to be re-signed when Rawhide is
branched?
--
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/5870#comment:2>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project