On 09/30/2014 03:24 PM, Joe Brockmeier wrote: > Hi all, > > During last week's meeting I agreed to bring this up (sorry for the delay). > > KB asked "do we care and how much, if at all, that the key used to sign > the content is the real distro key?" (Because at the outset, it's going > to be more difficult to use the distro key for Atomic host.) > > IMO, we don't so long as we have a SIG key that is publicized. I don't > see any reason it has to be the main CentOS / distro key. > > Any objections/thoughts/comments? > I've been working out the backend mechanisms and infra that might be needed, this is also an open conversation / decision point with the board; The safe assumption would be to assume a rpm-sign.sh proxy will come up, whats on the other end of that is still up in the air. But the sign process SHOULD block on that call; there might be some network request involved, am trying really hard for there not to be, but I dont think there is an easy way out, as yet. I will have more details on the key itself in the next few days, -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc