[scl.org] package signing?
Miroslav Suchy
msuchy at redhat.com
Wed Apr 16 12:11:31 UTC 2014
On 04/15/2014 10:13 PM, Jim Perrin wrote:
> Within the CentOS world we've been pointing folks at software
> collections for the newer nginx and httpd24 packages, however we've been
> getting some negative feedback because the packages aren't signed.
softwarecollections.org just take package from Copr. So if package in
Copr is signed, then it will be signed in softwarecollections.org.
But obviously packages in Copr are not signed.
> Are there plans to resolve this in the future?
We can either resolve it by manually signig packages on
softwarecollections.org - but that is a lot of manual work and just
workaround -> trash.
Or we can implement rpm signing in Copr. Env-and-Stack group want that
too for Playground repository. So we started some discussion, but no
real work have been done yet.
If you would ask me for ETA... it will not be done within next 30 days
for sure. But it will be done next year for sure.
But if it will last 2 months or 11 months I am unable to say, because I
do not know.
Mirek
More information about the SCLorg
mailing list