Draft Proposal: Spin Submission and Approval Process

Jesse Keating jkeating at redhat.com
Tue Mar 4 21:27:09 UTC 2008

On Tue, 2008-03-04 at 12:23 -0900, Jeff Spaleta wrote:
> >  What are the signatures you're referring to here?
> I guess I meant signed checksums, using an individual's gpg key (Not
> any of the keys the fedora project is using).  If people are going to
> link to external images, I want to make sure we have some basic
> verification available that its the image people are expecting to
> find.

Ok, it brings up another point though.  We don't currently have a way of
verifying that the content in the Live image actually came from signed
rpms.  Some people may want that, especially if they're going to be
built and offered outside the Fedora infrastructure and not signed by
Fedora keys.  More tools needed I suppose :/

Jesse Keating
Fedora -- All my bits are free, are yours?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-advisory-board/attachments/20080304/8c73744b/attachment.sig>

More information about the fedora-advisory-board mailing list