30 Nov
2011
30 Nov
'11
2:54 p.m.
On 11/30/2011 06:41 AM, Doron Fediuck wrote:
WRT- Signing: Who should sign tarballs?
We should KISS (keep it standard & simple...) ie-
1. All tarballs should have md5 / other hash published in the downloads page and possibly a hash file with the tarball.
2. Each distro will sign its packages in its own means, such as signing key, certificate, etc.
+1 Though for the case of oVirt Node, since the ISO isn't in Fedora officially, all we will provide is the md5 of the ISO itself. Perry