[Rpm-metadata] detached gpg signature on repomd.xml
seth vidal
skvidal at linux.duke.edu
Sat Aug 26 17:36:54 UTC 2006
On Sat, 2006-08-26 at 12:42 -0400, Jesse Keating wrote:
> On Saturday 26 August 2006 12:30, seth vidal wrote:
> > - using the GPG.py interface mentioned here:
> > http://wiki.python.org/moin/GnuPrivacyGuard
> > - using pyme (python gpg made easy) it's a python+gpgme+swig interface
> > - just calling the gpg command to sign and create the sig file as the
> > last step of the repository creation process.
> >
> > Luke? Paul? What do you think?
>
> I'm not Luke or Paul, but how does one do this in an automated manner, or is
> that no longer possible?
>
it'd be the same as signing packages.
Someone's got to be there or you have to have a key available that's not
encrypted.
I wasn't going to suggest that this be mandatory - just as an option for
repositories where it would be useful.
thanks,
-sv
More information about the Rpm-metadata
mailing list