[CentOS-devel] Some way to validate SIG repo repodata (via HTTPS or GPG-signed repomd?)
Neal Gompa
ngompa13 at gmail.comThu Feb 8 16:45:20 UTC 2018
- Previous message: [CentOS-devel] LinchPin v1.5.1 (update) has been released
- Next message: [CentOS-devel] Some way to validate SIG repo repodata (via HTTPS or GPG-signed repomd?)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hey, I've been trying to get the CentOS SIG repositories enabled in the openSUSE Build Service[1]. Today, I started working with Adrian Schröter (who is CC'd to this email) on getting this done, and the issue right now is that there's no way to securely validate the repodata. OBS supports two ways: 1. Validating repodata from a mirror using the copy on the master server fetched through HTTPS. 2. Validating repodata through GPG-signed repodata (signed repomd.xml) While the base repositories do the latter, none of the repositories produced through CBS do, and _nothing_ currently does the former. Is there something that can be done to make this better so we can have nice things? Best regards, Neal [1]: https://progress.opensuse.org/issues/29568 -- 真実はいつも一つ!/ Always, there's only one truth!
- Previous message: [CentOS-devel] LinchPin v1.5.1 (update) has been released
- Next message: [CentOS-devel] Some way to validate SIG repo repodata (via HTTPS or GPG-signed repomd?)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS-devel mailing list