Bill Nottingham wrote: > That would require the user running mash to authenticate to koji > with a fairly high level of privelege, which seemed somewhat outside of > the scope of it. Another option is for mash to create a local signed copy by splicing the signature header itself. koji.splice_rpm_sighdr is the call the server uses.