[Rpm-maint] [rpm-software-management/rpm] Add support for multiple, named OpenPGP signatures per package (#1050)

Panu Matilainen notifications at github.com
Wed Feb 5 13:43:22 UTC 2020


It could be multiple groups or whatever, but certainly not about new algorithms. It's kinda intentionally loosely defined to the point of being undefined to allow creative use.

The "name" part was called "role" in earlier versions, which might give different ideas about its usage, but decided against it because it might mix badly with some other, more defined concepts of roles and signatures.

For example, one could use it to "stamp" different stages of a production pipeline, e.g. "build", "qe", "ship", or organizations could do similar things internally, e.g. stamped authorized for use in departments org.foo.X and org.foo.Y, or different distro versions, or ... I don't know :smile: The naming is both a clue to the user/usage, and allows (but doesn't require) using the same key for different purposes.

Ultimately you'd want some configurable signature policy thingie but that's beyond the initial scope.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1050#issuecomment-582413106