--- On Mon, 2/1/10, Till Maas <opensource(a)till.name> wrote:
From: Till Maas <opensource(a)till.name>
Subject: Re: How are Fedora RPM packagess verified in RPMFusion buildsys?
To: "RPM Fusion developers discussion list"
Date: Monday, February 1, 2010, 3:57 AM
On Wed, Jan 13, 2010 at 02:42:26PM +0100, Till Maas wrote:
> I just wondered how the RPM packages from Fedora used
> buildroots are verfied on the RPMFusion builders.
Fedora uses direct
> access to the RPM packages via a secure channel afaik,
> RPMFusion does not use Fedora infrastructure, this
seems not to be
> possible. Also I did not found the typical RPM message
> the GPG key that is usually displayed on my local mock
builds in the
> RPMFusion build roots. Therefore I fear that the RPMs
are not verified
> at all, but please don't let this be true.
except for a answer about the default mock config, there
was no reply to
this within two weeks. So I conclude that they are very
verified and nobody cares, thats bad. :-(
Thank you for your concern. I honestly don't know the answer to your question.
I'm not an official contributor to either Fedora or RPMFusion, just read the list to
keep up with package progress. I do know that unlike Fedora, which has a lot of Red Hat
Employees putting things together and keeping things moving, this is a volunteer project,
and things do tend to move VERY slowly. I've seen review requests that sit for months.
I'm sure someone here does know for sure, but it may take some time. Also, the
"Leadership" structure of this project might be in a state of flux, as some
changed in how the project is lead have been brought up. The point being is to please
remain patient, and someone will be able to answer your question.