[Rpm-ecosystem] libhif, and grand plans
ngompa13 at gmail.com
Thu Aug 6 12:55:36 UTC 2015
On Thu, Aug 6, 2015 at 8:20 AM, Michael Schroeder <mls at suse.de> wrote:
> On Thu, Aug 06, 2015 at 02:15:58PM +0200, Michael Schroeder wrote:
> > In short: there's now Mageia:Cauldron and Fedora:Rawhide in
> > the Opensuse Build Service. I currently only enabled i586/x86_64,
> > depending on the usage patters I may add arm/ppc later. (The
> > problem here is that we have only few build hosts for those
> > architectures.)
> Btw, it would be awesome if you could add automatic repository
> metadata signing for Rawhide (i.e. create a Rawhide pubkey and
> sign the repomd.xml). I currently have to trust the mirrors not
> to do funny things...
> Michael Schroeder mls at suse.de
> SUSE LINUX GmbH, GF Jeff Hawn, HRB 16746 AG Nuernberg
> Rpm-ecosystem mailing list
> Rpm-ecosystem at lists.rpm.org
On the metadata signing issue, I asked in fedora-devel and got a response
Essentially, if you're processing the metalinks, the repodata should be
implicitly trustable as the metalinks contain verification information in
the form of checksums and timestamps. The signing process is a manual step
that they don't want to do as the metalinks provide equivalent trustability.
真実はいつも一つ！/ Always, there's only one truth!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Rpm-ecosystem