On Fri, Dec 11, 2009 at 10:53:40 -0500,
James Laska <jlaska(a)redhat.com> wrote:
Not sure if this has been raised yet, but are we specifying when in the
release that packages should be signed with a valid signature? I
believe packages are signed at all release milestones, but I'd like to
clear up that assumption.
I belive the plan is that all official koji builds are going to be signed
with the same key. The key will just provide assurance that the rpms were
official builds from our koji and not that they are tied to a particular
release or release type.