[scl.org] package signing?

Jakub QB Dorňák jdornak at redhat.com
Wed Apr 16 07:04:44 UTC 2014

I have already thought about it. I see a chance to sign packages during the approval process.
Nearly everyone can create a SCL in Copr, but only some SCLs will be approved (and possibly signed) by scl.org maintainers.

----- Original Message -----
From: "Remi Collet" <rcollet at redhat.com>
To: sclorg at redhat.com
Sent: Wednesday, April 16, 2014 6:52:54 AM
Subject: Re: [scl.org] package signing?

Le 15/04/2014 22:13, Jim Perrin a écrit :
> Within the CentOS world we've been pointing folks at software
> collections for the newer nginx and httpd24 packages, however we've been
> getting some negative feedback because the packages aren't signed.

I think this will be solved as soon as RHSCL 1.1 will go GA and packages
will be backported in centos-scl repository ;)

For package not part of official RHSCL (such as php54more, php55more,
...) the solution should be EPEL, but Fedora Guidelines are not ready
for SCL... :(

> Are there plans to resolve this in the future?

Yes this is a problem.

But I don't really see how to solve it, as nearly everyone can create a
SCL in Copr (and then in softwarecollection.org).


rcollet at redhat.com | Senior Software Engineer / BaseOS / WebStack team
GPG Key: 0x29F16A18
Fingerprint: 5A0E 6F54 D94D 5732 69EE  E3FF 614A 6905 29F1 6A18

SCLorg mailing list
SCLorg at redhat.com

More information about the SCLorg mailing list