[Bug 569] please gpg-sign repomd.xml files, enable
repo_gpgcheck=1 in yum .repo files
Xavier Lamien
laxathom at fedoraproject.org
Thu Apr 8 17:32:45 CEST 2010
On Thu, Apr 8, 2010 at 3:07 PM, Michael Schwendt <mschwendt at gmail.com> wrote:
> On Sun, 4 Apr 2010 21:25:51 +0200, RPM wrote:
>
>> http://bugzilla.rpmfusion.org/show_bug.cgi?id=569
>>
>>
>>
>>
>>
>> --- Comment #10 from Thorsten Leemhuis 2010-04-04 21:25:50 ---
>> (In reply to comment #9)
>> > Is this problem fixed ?
>>
>> I would not call it a problem, more a RFE -- for something that even Fedora
>> sill doesn't do iirc
>>
>> but whatever: seems this is one of the dozens of things in RPM Fusion that
>> really would be nice to fix or improved, without anybody working on it :-((
>> (and most of the other things that need to get improved are way more important
>> IMHO)
>
> RFEs like this are in need of _somebody_ to make decisions.
>
> In particular: Is using "gpg-agent" an option? (I think it is)
> Would using "expect" be considered acceptable? (I don't like it)
Why not talk about that on rpmfusion-sysadmin list as well?
>
> As I've mentioned in that bz ticket last year, a repomdsigncmds feature is
> available in the pushscripts. It just needs to be configured _and_
> evaluated. Without using gpg-agent (or expect), one would need to enter
> the key passphrase too often (IMO), however. Has anyone followed the
> development of the signing server (and its requirements)?
I did.
>
> A fundamental problem with RPMFusion is that at the management level there
> is no work-horse to "just do it", i.e. to decide on something and work
> with contributors on feasible solutions. Where something sucks, it needs
> somebody to say "we want to improve in that area" and to put something
> onto an agenda (or call it "wishlist").
>
That what i used to say to the list and... as usual noone step up
except jeroen, nicolas and anvil to "just do it" (on the build and CVS side).
AFAIK, we always work that way.
i.e RPM Fusion was looking for help on having a Account system (FAS1
which was running but broken), i did step up and ask for improve
things and dit it with FAS2.
--
Xavier.t Lamien
--
http://fedoraproject.org/wiki/XavierLamien
GPG-Key ID: F3903DEB
Fingerprint: 0F2A 7A17 0F1B 82EE FCBF 1F51 76B7 A28D F390 3DEB
More information about the rpmfusion-developers
mailing list