jkeating at redhat.com
Thu Jun 28 12:55:14 UTC 2007
On Thursday 28 June 2007 08:44:09 Till Maas wrote:
> What should go wrong when someone with the gpg key signs the rpms? And the
> rpms are really trivial, so it is easy to verify them once. And afaik they
> are not updated very often, so it is not much work.
The answer isn't to sign these rpms which don't exist anywhere else in the
distribution. The answer is to add a "buildsys-build" group or other such
named group to the comps file and define what packages should be in there
that way, and have mock just do a 'groupinstall buildsys-build', which would
pull from the shipped repos. This does away with the need of a 'buildgroups'
repo all together, relies upon the shipped / signed rpms, and existing method
of defining groups.
Release Engineer: Fedora
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20070628/3d198d52/attachment-0002.bin
More information about the devel