Draft Proposal: Spin Submission and Approval Process
jwboyer at gmail.com
Tue Mar 4 21:29:51 UTC 2008
On Tue, 4 Mar 2008 12:23:05 -0900
"Jeff Spaleta" <jspaleta at gmail.com> wrote:
> On Tue, Mar 4, 2008 at 12:17 PM, Jesse Keating <jkeating at redhat.com> wrote:
> > On Tue, 2008-03-04 at 11:57 -0900, Jeff Spaleta wrote:
> > > The Fedora community will have access to approved kickstart files so
> > > that they can make local builds of the spins as needed (through cvs,
> > > website, and perhaps as a package). If a spin maintainer has the
> > > ability to host their own spin binary images, they will be allowed to
> > > link to such binaries (and signatures) from the community contributed
> > > spins once the peer group of Spin Maintainers certifies that the
> > > signatures for the binaries are correct.
> > What are the signatures you're referring to here?
> I guess I meant signed checksums, using an individual's gpg key (Not
> any of the keys the fedora project is using). If people are going to
> link to external images, I want to make sure we have some basic
> verification available that its the image people are expecting to
Except spins are done off of released versions of Fedora. Which means
the packages they use are already signed with the Fedora key.
More information about the fedora-advisory-board