From greengsdtywet at gmail.com Tue Apr 15 13:25:20 2014 From: greengsdtywet at gmail.com (james green) Date: Tue, 15 Apr 2014 15:25:20 +0200 Subject: [scl.org] From G. James , Details Attached Message-ID: Inquiry From G. James , Details Attached ENERGY & MINERAL RESOURCES JOHANNESBURG,SOUTH AFRICA. Yours Faithfully, Mr. James Green -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: INQUIRY FROM G .JAMES, Details Attached.doc Type: application/msword Size: 24576 bytes Desc: not available URL: From hhorak at redhat.com Tue Apr 15 13:53:27 2014 From: hhorak at redhat.com (Honza Horak) Date: Tue, 15 Apr 2014 15:53:27 +0200 Subject: [scl.org] From G. James , Details Attached In-Reply-To: References: Message-ID: <534D39D7.5070808@redhat.com> On 04/15/2014 03:25 PM, james green wrote: > Inquiry From G. James , Details Attached > ENERGY & MINERAL RESOURCES > JOHANNESBURG,SOUTH AFRICA. > Yours Faithfully, > Mr. James Green > > > _______________________________________________ > SCLorg mailing list > SCLorg at redhat.com > https://www.redhat.com/mailman/listinfo/sclorg > Sorry guys, I've just accidentally approved spammer.. Hopefully fixed already. Honza From jperrin at centos.org Tue Apr 15 20:13:28 2014 From: jperrin at centos.org (Jim Perrin) Date: Tue, 15 Apr 2014 15:13:28 -0500 Subject: [scl.org] package signing? Message-ID: <534D92E8.9040402@centos.org> Within the CentOS world we've been pointing folks at software collections for the newer nginx and httpd24 packages, however we've been getting some negative feedback because the packages aren't signed. Are there plans to resolve this in the future? -- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77 From rcollet at redhat.com Wed Apr 16 04:52:54 2014 From: rcollet at redhat.com (Remi Collet) Date: Wed, 16 Apr 2014 06:52:54 +0200 Subject: [scl.org] package signing? In-Reply-To: <534D92E8.9040402@centos.org> References: <534D92E8.9040402@centos.org> Message-ID: <534E0CA6.1060303@redhat.com> Le 15/04/2014 22:13, Jim Perrin a ?crit : > Within the CentOS world we've been pointing folks at software > collections for the newer nginx and httpd24 packages, however we've been > getting some negative feedback because the packages aren't signed. I think this will be solved as soon as RHSCL 1.1 will go GA and packages will be backported in centos-scl repository ;) For package not part of official RHSCL (such as php54more, php55more, ...) the solution should be EPEL, but Fedora Guidelines are not ready for SCL... :( > Are there plans to resolve this in the future? Yes this is a problem. But I don't really see how to solve it, as nearly everyone can create a SCL in Copr (and then in softwarecollection.org). Remi. -- rcollet at redhat.com | Senior Software Engineer / BaseOS / WebStack team GPG Key: 0x29F16A18 Fingerprint: 5A0E 6F54 D94D 5732 69EE E3FF 614A 6905 29F1 6A18 From jdornak at redhat.com Wed Apr 16 07:04:44 2014 From: jdornak at redhat.com (Jakub QB =?utf-8?B?RG9yxYjDoWs=?=) Date: Wed, 16 Apr 2014 03:04:44 -0400 (EDT) Subject: [scl.org] package signing? In-Reply-To: <534E0CA6.1060303@redhat.com> References: <534D92E8.9040402@centos.org> <534E0CA6.1060303@redhat.com> Message-ID: <596190500.5845033.1397631884172.JavaMail.zimbra@redhat.com> I have already thought about it. I see a chance to sign packages during the approval process. Nearly everyone can create a SCL in Copr, but only some SCLs will be approved (and possibly signed) by scl.org maintainers. QB ----- Original Message ----- From: "Remi Collet" To: sclorg at redhat.com Sent: Wednesday, April 16, 2014 6:52:54 AM Subject: Re: [scl.org] package signing? Le 15/04/2014 22:13, Jim Perrin a ?crit : > Within the CentOS world we've been pointing folks at software > collections for the newer nginx and httpd24 packages, however we've been > getting some negative feedback because the packages aren't signed. I think this will be solved as soon as RHSCL 1.1 will go GA and packages will be backported in centos-scl repository ;) For package not part of official RHSCL (such as php54more, php55more, ...) the solution should be EPEL, but Fedora Guidelines are not ready for SCL... :( > Are there plans to resolve this in the future? Yes this is a problem. But I don't really see how to solve it, as nearly everyone can create a SCL in Copr (and then in softwarecollection.org). Remi. -- rcollet at redhat.com | Senior Software Engineer / BaseOS / WebStack team GPG Key: 0x29F16A18 Fingerprint: 5A0E 6F54 D94D 5732 69EE E3FF 614A 6905 29F1 6A18 _______________________________________________ SCLorg mailing list SCLorg at redhat.com https://www.redhat.com/mailman/listinfo/sclorg From msuchy at redhat.com Wed Apr 16 12:11:31 2014 From: msuchy at redhat.com (Miroslav Suchy) Date: Wed, 16 Apr 2014 14:11:31 +0200 Subject: [scl.org] package signing? In-Reply-To: <534D92E8.9040402@centos.org> References: <534D92E8.9040402@centos.org> Message-ID: <534E7373.8060609@redhat.com> On 04/15/2014 10:13 PM, Jim Perrin wrote: > Within the CentOS world we've been pointing folks at software > collections for the newer nginx and httpd24 packages, however we've been > getting some negative feedback because the packages aren't signed. softwarecollections.org just take package from Copr. So if package in Copr is signed, then it will be signed in softwarecollections.org. But obviously packages in Copr are not signed. > Are there plans to resolve this in the future? We can either resolve it by manually signig packages on softwarecollections.org - but that is a lot of manual work and just workaround -> trash. Or we can implement rpm signing in Copr. Env-and-Stack group want that too for Playground repository. So we started some discussion, but no real work have been done yet. If you would ask me for ETA... it will not be done within next 30 days for sure. But it will be done next year for sure. But if it will last 2 months or 11 months I am unable to say, because I do not know. Mirek