[Rpm-metadata] detached gpg signature on repomd.xml

seth vidal skvidal at linux.duke.edu
Mon Aug 28 12:08:35 UTC 2006


On Mon, 2006-08-28 at 10:58 +0200, Christoph Thiel wrote:
> On Sat, 26 Aug 2006, seth vidal wrote:
> 
> > as a result of a rather lengthy and ranging discussion elsewhere it came 
> > out that a gpg signature of repomd.xml would heighten the security of 
> > using these type of repositories.
> 
> That's exactly what we have been doing with our repos for SUSE Linux 
> Enterprise 10 and openSUSE ;)
> 
> Check out:
> http://en.opensuse.org/Secure_Installation_Sources#The_.22repomd.22_or_.22YUM.22_format
> 
> 

Oh - in that case:
  do you already have any code you'd like to share? :)

-sv





More information about the Rpm-metadata mailing list