[Rpm-metadata] detached gpg signature on repomd.xml
seth vidal
skvidal at linux.duke.edu
Mon Aug 28 12:08:35 UTC 2006
On Mon, 2006-08-28 at 10:58 +0200, Christoph Thiel wrote:
> On Sat, 26 Aug 2006, seth vidal wrote:
>
> > as a result of a rather lengthy and ranging discussion elsewhere it came
> > out that a gpg signature of repomd.xml would heighten the security of
> > using these type of repositories.
>
> That's exactly what we have been doing with our repos for SUSE Linux
> Enterprise 10 and openSUSE ;)
>
> Check out:
> http://en.opensuse.org/Secure_Installation_Sources#The_.22repomd.22_or_.22YUM.22_format
>
>
Oh - in that case:
do you already have any code you'd like to share? :)
-sv
More information about the Rpm-metadata
mailing list