kevin added a new comment to an issue you are following:
``
Some questions:
* You would tag all the packages for a compose into coreos-pool and all the ones in a
released compose into coreos-release. Could you perhaps just use fedora GA/fedora-updates
tags and only tag in the builds that are not in those and use those 2 repos on top of
coreos-pool/coreos-release? That would make them much smaller and more manageable. Of
course the fedora ones would be signed with fedora keys.
* What keys should these tags builds be signed with? If with the fedora ones, since they
aren't versioned how can we tell what key to use?
If we have to sign a large pile of packages with a new key often I am a bit worried at our
signing bandwith.
``
To reply, visit the link below or just reply to this email
https://pagure.io/releng/issue/8294