How are Fedora RPM packagess verified in RPMFusion buildsys?
Rex Dieter
rdieter at math.unl.edu
Wed Jan 13 15:19:21 CET 2010
Till Maas wrote:
> Hiyas,
>
> I just wondered how the RPM packages from Fedora used in RPMFusion
> buildroots are verfied on the RPMFusion builders. Fedora uses direct
> access to the RPM packages via a secure channel afaik, but since
> RPMFusion does not use Fedora infrastructure, this seems not to be
> possible. Also I did not found the typical RPM message about importing
> the GPG key that is usually displayed on my local mock builds in the
> RPMFusion build roots. Therefore I fear that the RPMs are not verified
> at all, but please don't let this be true.
mock typically does not verify keys (making the assumption that the
repos used internally are generally trusted implicitly).
-- Rex
More information about the rpmfusion-developers
mailing list