Jesse Keating jkeating at
Thu Jun 28 12:55:14 UTC 2007

On Thursday 28 June 2007 08:44:09 Till Maas wrote:
> What should go wrong when someone with the gpg key signs the rpms? And the
> rpms are really trivial, so it is easy to verify them once. And afaik they
> are not updated very often, so it is not much work.

The answer isn't to sign these rpms which don't exist anywhere else in the 
distribution.  The answer is to add a "buildsys-build" group or other such 
named group to the comps file and define what packages should be in there 
that way, and have mock just do a 'groupinstall buildsys-build', which would 
pull from the shipped repos.  This does away with the need of a 'buildgroups' 
repo all together, relies upon the shipped / signed rpms, and existing method 
of defining groups.

Jesse Keating
Release Engineer: Fedora
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : 

More information about the devel mailing list