[Users] rpms signed - why not?
Dan Kenigsberg
danken at redhat.com
Mon Jan 13 21:57:03 UTC 2014
On Mon, Jan 13, 2014 at 08:10:23PM +0100, Amedeo Salvati wrote:
> I was setting up our spacewalk repo for ovirt due to auto
> provisioning engine and node based on centos distro, but I was
> surprised that you can't sign with gpg key your rpms, instead
> gluster rpms is signed with key id 89ccae8b available on her site
>
> Why you don't sign your rpms?
>
> e.g:
> $ wget http://resources.ovirt.org/releases/3.3.2/rpm/EL/6/noarch/ovirt-engine-3.3.2-1.el6.noarch.rpm
> $ rpm -K -v ovirt-engine-3.3.2-1.el6.noarch.rpm
> ovirt-engine-3.3.2-1.el6.noarch.rpm:
> Digest SHA1 header: OK (f8cf0a7592ae3d8d298813cf61ec8b4e2ad6b6f6)
> MD5 digest: OK (bc4b66e0791b3ef5dd8e9b49828ad7d8)
>
> instead gluster rpms:
> $ wget http://download.gluster.org/pub/gluster/glusterfs/LATEST/EPEL.repo/epel-6/x86_64/glusterfs-3.4.2-1.el6.x86_64.rpm
> $ rpm -K -v glusterfs-3.4.2-1.el6.x86_64.rpm
> glusterfs-3.4.2-1.el6.x86_64.rpm:
> Header V4 RSA/SHA1 Signature, key ID 89ccae8b: NOKEY
> Header SHA1 digest: OK (e71040f320da087e6e9012102e0e59f134259d2a)
> V4 RSA/SHA1 Signature, key ID 89ccae8b: NOKEY
> MD5 digest: OK (01e72fe3ed97ba849327cafe43ca5d45)
>
+1
https://fedorahosted.org/ovirt/ticket/99 "improvements for our release
process"
More information about the Arch
mailing list