fedup: does not verify source
Bruno Wolff III
bruno at wolff.to
Mon Dec 17 19:24:55 UTC 2012
On Mon, Dec 17, 2012 at 10:58:54 -0800,
Adam Williamson <awilliam at redhat.com> wrote:
>
>anyhow, the tricky thing here lies in somehow making it safe for fedup
>to *automatically* import the correct key for the next release. This is
>a subtlish problem.
I am biased by being a rawhide user and someone who regularly grabs builds
directly from koji, but I'd rather see all non-scratch koji builds signed.
The guaranty wouldn't be as strong as when someone manually signs stuff,
but would be a better than nothing.
More information about the devel
mailing list