Hi, the latest qemu-kvm-ev has been tagged for testing. Please give it a run and provide feedback. If nothing against it shows up, we'll tag it for release on Friday.
Thanks,
On 01/24/2017 11:29 PM, Sandro Bonazzola wrote:
Hi, the latest qemu-kvm-ev has been tagged for testing. Please give it a run and provide feedback. If nothing against it shows up, we'll tag it for release on Friday.
Is it considered normal for the test RPMs to not be signed?
On Wed, Jan 25, 2017 at 8:20 PM, Lamar Owen lowen@pari.edu wrote:
On 01/24/2017 11:29 PM, Sandro Bonazzola wrote:
Hi, the latest qemu-kvm-ev has been tagged for testing. Please give it a run and provide feedback. If nothing against it shows up, we'll tag it for release on Friday.
Is it considered normal for the test RPMs to not be signed?
I've no control over signing, Karanbir?
CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt
On 01/26/2017 01:12 AM, Sandro Bonazzola wrote:
On Wed, Jan 25, 2017 at 8:20 PM, Lamar Owen <lowen@pari.edu mailto:lowen@pari.edu> wrote:
On 01/24/2017 11:29 PM, Sandro Bonazzola wrote: Hi, the latest qemu-kvm-ev has been tagged for testing. Please give it a run and provide feedback. If nothing against it shows up, we'll tag it for release on Friday. Is it considered normal for the test RPMs to not be signed?I've no control over signing, Karanbir?
The testing RPMs are not signed .. they are straight from CBS. Does the testing repo not have 'gpgcheck=0'?
On 01/26/2017 12:14 PM, Johnny Hughes wrote:
The testing RPMs are not signed .. they are straight from CBS. Does the testing repo not have 'gpgcheck=0'?
Ok, thanks. Given the level of system interaction that qemu/kvm has, it would be an ideal vector for malware, and package signing prevents this. My copy of the repo file has the following: +++++++++++ [centos-qemu-ev-test] name=CentOS-$releasever - QEMU EV Testing baseurl=http://buildlogs.centos.org/centos/$releasever/virt/$basearch/kvm-common/ gpgcheck=1 enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization
On 01/26/2017 04:30 PM, Lamar Owen wrote:
On 01/26/2017 12:14 PM, Johnny Hughes wrote:
The testing RPMs are not signed .. they are straight from CBS. Does the testing repo not have 'gpgcheck=0'?
Ok, thanks. Given the level of system interaction that qemu/kvm has, it would be an ideal vector for malware, and package signing prevents this. My copy of the repo file has the following: +++++++++++ [centos-qemu-ev-test] name=CentOS-$releasever - QEMU EV Testing baseurl=http://buildlogs.centos.org/centos/$releasever/virt/$basearch/kvm-common/
gpgcheck=1 enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization
The update pulled in a new .repo file as part of the release package, and this stanza now shows gpgcheck=0
-
Johnny Hughes -
Lamar Owen -
Sandro Bonazzola