[Rpm-metadata] detached gpg signature on repomd.xml

seth vidal skvidal at linux.duke.edu
Sat Aug 26 22:55:31 UTC 2006


On Sat, 2006-08-26 at 18:05 -0400, Jesse Keating wrote:
> On Saturday 26 August 2006 13:36, seth vidal wrote:
> > it'd be the same as signing packages.
> >
> > Someone's got to be there or you have to have a key available that's not
> > encrypted.
> >
> > I wasn't going to suggest that this be mandatory - just as an option for
> > repositories where it would be useful.
> 
> What about x509 cert rather than gpg?
> 

So a user now has to know about 2 types of certs rather than just 1? How
does an x509 cert change things?

-sv





More information about the Rpm-metadata mailing list