Draft Proposal: Spin Submission and Approval Process

Josh Boyer jwboyer at gmail.com
Tue Mar 4 21:29:51 UTC 2008

On Tue, 4 Mar 2008 12:23:05 -0900
"Jeff Spaleta" <jspaleta at gmail.com> wrote:

> On Tue, Mar 4, 2008 at 12:17 PM, Jesse Keating <jkeating at redhat.com> wrote:
> > On Tue, 2008-03-04 at 11:57 -0900, Jeff Spaleta wrote:
> >  > The Fedora community will have access to approved kickstart files so
> >  > that they can make local builds of the spins as needed (through cvs,
> >  > website, and perhaps as a package).  If a spin maintainer has the
> >  > ability to host their own spin binary images, they will be allowed to
> >  > link to such binaries (and signatures) from the community contributed
> >  > spins once the peer group of Spin Maintainers certifies that the
> >  > signatures for the binaries are correct.
> >
> >  What are the signatures you're referring to here?
> I guess I meant signed checksums, using an individual's gpg key (Not
> any of the keys the fedora project is using).  If people are going to
> link to external images, I want to make sure we have some basic
> verification available that its the image people are expecting to
> find.

Except spins are done off of released versions of Fedora.  Which means
the packages they use are already signed with the Fedora key.


More information about the fedora-advisory-board mailing list