#5870: rawhide signing
Fedora Release Engineering
rel-eng at fedoraproject.org
Wed Mar 19 18:15:41 UTC 2014
#5870: rawhide signing
------------------------------+-----------------------
  Reporter:  kevin            |      Owner:  rel-eng@…
      Type:  task             |     Status:  new
 Milestone:  Fedora 21 Final  |  Component:  koji
Resolution:                   |   Keywords:  meeting
Blocked By:                   |   Blocking:
------------------------------+-----------------------
Comment (by till):
Replying to [ticket:5870 kevin]:
> We have talked a number of times about getting rawhide packages signed,
> but haven't been able to come up with a solution that is secure and meets
> our needs. We should try and do so. :)
To decide whether it is secure, we need to decide which threats we want
to protect against.
> * There is a koji plugin to sign all builds, but it's not implemented in
> a very nice way and stores its keys/passphrases in clear text files on
> the hub.
What can be improved in the plugin besides the passphrase storage? There
is no indication about improvements in the ticket I referenced, assuming
it is the plugin you meant.
> * Additional space would be taken up by more signed rpms/signatures.
Are the signatures that big that this is a problem? Or is this related to
the fact that the package might need to be re-signed when Rawhide is
branched?
--
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/5870#comment:2>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project