#6267: sign ostree commits
------------------------------+-----------------------
Reporter: walters | Owner: rel-eng@…
Type: task | Status: new
Milestone: Fedora 23 Final | Component: koji
Resolution: | Keywords:
Blocked By: | Blocking:
------------------------------+-----------------------
Comment (by walters):
Note that unlike signing RPMs where the entire binary content is signed,
OSTree commits are tiny files which just have a SHA256 of other objects -
and OSTree commits can be signed *asynchronously* from the "build". My
observation has been that funnelling significant amounts of data through
the signing process has been a source of a lot of the unreliability.
The fact that OSTree signing works this way is not an accident =)
--
Ticket URL: <
https://fedorahosted.org/rel-eng/ticket/6267#comment:7>
Fedora Release Engineering <
http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project