[Rpm-ecosystem] libhif, and grand plans

Neal Gompa ngompa13 at gmail.com
Thu Aug 6 12:55:36 UTC 2015


On Thu, Aug 6, 2015 at 8:20 AM, Michael Schroeder <mls at suse.de> wrote:

> On Thu, Aug 06, 2015 at 02:15:58PM +0200, Michael Schroeder wrote:
> > In short: there's now Mageia:Cauldron and Fedora:Rawhide in
> > the Opensuse Build Service. I currently only enabled i586/x86_64,
> > depending on the usage patters I may add arm/ppc later. (The
> > problem here is that we have only few build hosts for those
> > architectures.)
>
> Btw, it would be awesome if you could add automatic repository
> metadata signing for Rawhide (i.e. create a Rawhide pubkey and
> sign the repomd.xml). I currently have to trust the mirrors not
> to do funny things...
>
> Cheers,
>   Michael.
>
> --
> Michael Schroeder                                   mls at suse.de
> SUSE LINUX GmbH,           GF Jeff Hawn, HRB 16746 AG Nuernberg
> main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);}
> _______________________________________________
> Rpm-ecosystem mailing list
> Rpm-ecosystem at lists.rpm.org
> http://lists.rpm.org/mailman/listinfo/rpm-ecosystem
>

​On the metadata signing issue, I asked in fedora-devel and got a response
<https://lists.fedoraproject.org/pipermail/devel/2015-August/213185.html>.​

Essentially, if you're processing the metalinks, the repodata should be
implicitly trustable as the metalinks contain verification information in
the form of checksums and timestamps. The signing process is a manual step
that they don't want to do as the metalinks provide equivalent trustability.


-- 
真実はいつも一つ!/ Always, there's only one truth!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-ecosystem/attachments/20150806/349d9a99/attachment-0001.html>


More information about the Rpm-ecosystem mailing list