Re: First community release
On 11/30/2011 06:41 AM, Doron Fediuck wrote:
WRT-
Signing: Who should sign tarballs?
We should KISS (keep it standard & simple...) ie-
1. All tarballs should have md5 / other hash published
in the downloads page and possibly a hash file with the tarball.
2. Each distro will sign its packages in its own means,
such as signing key, certificate, etc.
+1
Though for the case of oVirt Node, since the ISO isn't in Fedora
officially, all we will provide is the md5 of the ISO itself.
Perry