[Pulp-dev] Should signing service be associated with Publication or Repository?

Matthias Dellweg dellweg at atix.de
Fri Mar 20 09:45:13 UTC 2020


Actually, Quirin and I have also seen the difference, and we discussed
that we should implement a combination, where you can specify it on the
repo level but override the signing service with each publication.
It is a little more work for a lot more convenience, imho.
And of course it might be nice to see it handled as similarly as
possible in both plugins.

On Thu, 19 Mar 2020 23:13:23 -0400
Dennis Kliban <dkliban at redhat.com> wrote:

> RPM plugin allows users to define a signing service per repository.
> All publications created from repository versions of that repository
> are signed with that signing service.
> 
> The Debian plugin requires the user to specify the signing service
> each time a publication is created. The signing service foreign key
> is stored with each publication.
> 
> Even though the implementation in Debian requires the user to provide
> the service href each time a publication is created, it seems like a
> stronger model. The signing service associated with a repository can
> change, thus making it challenging to keep track of which signing
> service was used to create a publication.
> 
> We should change the behavior in the RPM plugin before we release this
> feature.
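
The combination discussed in this thread (a repository-level default that each publication can override, with the service actually used stored on the publication) can be sketched as follows. This is an added example, not part of the original messages and not Pulp's code; every class, function and fingerprint value in it is hypothetical.

```python
# Added illustration; hypothetical names, not the Pulp plugin API.
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass(frozen=True)
class SigningService:
    name: str
    key_fingerprint: str  # constructed sample value, not a real key

@dataclass(frozen=True)
class Publication:
    repository_version: int
    # Service actually used, fixed at creation time (None means unsigned).
    signing_service: Optional[SigningService]
    source: str  # "override", "repository-default" or "unsigned"

@dataclass
class Repository:
    name: str
    signing_service: Optional[SigningService] = None  # repo-level default
    publications: List[Publication] = field(default_factory=list)

def publish(repo, version, override=None):
    """Resolve the service (override first, then repo default) and record it."""
    if override is not None:
        service, source = override, "override"
    elif repo.signing_service is not None:
        service, source = repo.signing_service, "repository-default"
    else:
        service, source = None, "unsigned"
    pub = Publication(version, service, source)
    repo.publications.append(pub)
    return pub

def publications_signed_by(repo, fingerprint):
    """Audit query: versions whose publication was signed with this key."""
    return [p.repository_version for p in repo.publications
            if p.signing_service is not None
            and p.signing_service.key_fingerprint == fingerprint]

def demo():
    old = SigningService("release-2019", "AAAA1111")
    new = SigningService("release-2020", "BBBB2222")
    repo = Repository("example-repo", signing_service=old)
    p1 = publish(repo, 1)
    repo.signing_service = new           # repository default changes later
    p2 = publish(repo, 2)
    p3 = publish(repo, 3, override=old)  # per-publication override
    return repo, p1, p2, p3
```

Because each publication keeps its own reference, changing the repository default afterwards does not alter the record of which service signed earlier publications.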