#6267: sign ostree commits
Fedora Release Engineering
rel-eng at lists.fedoraproject.org
Wed Sep 30 14:46:31 UTC 2015
#6267: sign ostree commits
------------------------------+-----------------------
Reporter: walters | Owner: rel-eng@…
Type: task | Status: new
Milestone: Fedora 23 Final | Component: koji
Resolution: | Keywords:
Blocked By: | Blocking:
------------------------------+-----------------------
Comment (by ausil):
It is not blocked only on our policy of not doing detatched signatures.
There is a couple of other issues besides detached signatures.
We do not sign rawhide at all. signing the tree adds a manual step at the
end of every updates and branched compose as someone would have to go and
manually sign the tree.
Ideally we would have metalink support and be able to use the mirrors
which would mittigate the need to sign the tree at all. With metalink
support besides being able to leverage the mirrors we would gain the
support of having the metalink provide via https a sha256 or higher
checksum of the tree. which can be used to verify the integrity of the
tree.
--
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/6267#comment:1>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project
More information about the rel-eng
mailing list