Karanbir Singh wrote: > Change which part ? signing them or automating something ? The reason > debuginfo's are not signed is that bringing them into a securebox for > the signing process and pushing them out again easily triples the time > factor. Personally I would rather wait even longer if that meant signed packages. Of course it would not be an ideal solution, but I think the security risk of installing unsigned packages is much worse than the inconvenience of waiting. Also this would only be a big problem at release time, for ordinary updates the delay should not be that bad. > At the moment, there are 2 internal and 1 external mirror for debuginfo > - that can be increased if required. I know that atleast mirrorservice > and kernel.org have previously said that they will make more space > available to centos.org if we need it on their mirrors - and they are > happy to host vhost's for debuginfo / beta's. If disk space on mirrors is a problem you could separate the debuginfo into one directory per release, and move older ones to vault.centos.org. Regards, Pär Andersson National Supercomputer Centre, Sweden