Re: How are Fedora RPM packagess verified in RPMFusion buildsys?
Till Maas wrote:
Hiyas,
I just wondered how the RPM packages from Fedora used in RPMFusion
buildroots are verfied on the RPMFusion builders. Fedora uses direct
access to the RPM packages via a secure channel afaik, but since
RPMFusion does not use Fedora infrastructure, this seems not to be
possible. Also I did not found the typical RPM message about importing
the GPG key that is usually displayed on my local mock builds in the
RPMFusion build roots. Therefore I fear that the RPMs are not verified
at all, but please don't let this be true.
mock typically does not verify keys (making the assumption that the
repos used internally are generally trusted implicitly).
-- Rex