[Users] rpms signed - why not?

Dan Kenigsberg danken at redhat.com
Mon Jan 13 21:57:03 UTC 2014


On Mon, Jan 13, 2014 at 08:10:23PM +0100, Amedeo Salvati wrote:
> I was setting up our spacewalk repo for ovirt due to auto
> provisioning engine and node based on centos distro, but I was
> surprised that you can't sign with gpg key your rpms, instead
> gluster rpms is signed with key id 89ccae8b available on her site
> 
> Why you don't sign your rpms?
> 
> e.g:
> $ wget http://resources.ovirt.org/releases/3.3.2/rpm/EL/6/noarch/ovirt-engine-3.3.2-1.el6.noarch.rpm
> $ rpm -K -v ovirt-engine-3.3.2-1.el6.noarch.rpm
> ovirt-engine-3.3.2-1.el6.noarch.rpm:
>     Digest SHA1 header: OK (f8cf0a7592ae3d8d298813cf61ec8b4e2ad6b6f6)
>     MD5 digest: OK (bc4b66e0791b3ef5dd8e9b49828ad7d8)
> 
> instead gluster rpms:
> $ wget http://download.gluster.org/pub/gluster/glusterfs/LATEST/EPEL.repo/epel-6/x86_64/glusterfs-3.4.2-1.el6.x86_64.rpm
> $ rpm -K -v glusterfs-3.4.2-1.el6.x86_64.rpm
> glusterfs-3.4.2-1.el6.x86_64.rpm:
>     Header V4 RSA/SHA1 Signature, key ID 89ccae8b: NOKEY
>     Header SHA1 digest: OK (e71040f320da087e6e9012102e0e59f134259d2a)
>     V4 RSA/SHA1 Signature, key ID 89ccae8b: NOKEY
>     MD5 digest: OK (01e72fe3ed97ba849327cafe43ca5d45)
> 

+1

https://fedorahosted.org/ovirt/ticket/99 "improvements for our release
process"



More information about the Users mailing list