#6267: sign ostree commits

[Fedora Release Engineering]

#6267: sign ostree commits
------------------------------+-----------------------
  Reporter:  walters          |      Owner:  rel-eng@…
      Type:  task             |     Status:  new
 Milestone:  Fedora 23 Final  |  Component:  koji
Resolution:                   |   Keywords:
Blocked By:                   |   Blocking:
------------------------------+-----------------------

Comment (by ausil):

 Replying to [comment:5 jgreguske]:
 > Can we change this conversation from "we have two options and they both
 suck", to "we (Fedora Rel-Eng) need X things to have a third option that
 does not suck"? :)
 >
 > Rawhide isn't signed because of signing-system limitations, not because
 of policy, right? What do we need to enable that? And if something else
 wants to be signed after meeting some minimum bar, we could handle that
 case too.

 Sure, I was giving the options available that I think we can realisticly
 deliver in the short to medium term.  the signing software has not
 realistically been actively worked on ever and has not had a commit at all
 since 2012 https://git.fedorahosted.org/cgit/sigul.git/log/ we have not
 been sucessful in getting anyone to be able to work on it despite multiple
 attempts.


 We do have a policy of not doing detatched signatures which we would have
 to change, unless atomic gained the ability to support inline signatures.

 To me the main blocker in implementing this is fixing sigul to be more
 reliable and to enable a way to provide authentication via a means other
 than a manual password entry.

-- 
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/6267#comment:10>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project