Implement package and repo signing
Opened this issue · 0 comments
schaefi commented
Packages and repos currently offered by the cb-collect service are not signed.
- signing of package files via rpmsign for rpm packages
- signing of repomd.xml for repodata repos
Other signing options for repos for non rpm/repodata packages/repos
- Signing key setup...
Currently there is no concept about this one because CB is not yet producing repos for production use.
Beginning with a first stable release it might however be a pretty important setting