How are Fedora RPM packagess verified in RPMFusion buildsys?

Till Maas opensource at till.name
Mon Feb 1 09:57:29 CET 2010


Hiyas,

On Wed, Jan 13, 2010 at 02:42:26PM +0100, Till Maas wrote:

> I just wondered how the RPM packages from Fedora used in RPMFusion
> buildroots are verfied on the RPMFusion builders. Fedora uses direct
> access to the RPM packages via a secure channel afaik, but since
> RPMFusion does not use Fedora infrastructure, this seems not to be
> possible. Also I did not found the typical RPM message about importing
> the GPG key that is usually displayed on my local mock builds in the
> RPMFusion build roots. Therefore I fear that the RPMs are not verified
> at all, but please don't let this be true.

except for a answer about the default mock config, there was no reply to
this within two weeks. So I conclude that they are very likely not
verified and nobody cares, thats bad. :-(

Regards
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
Url : http://lists.rpmfusion.org/pipermail/rpmfusion-developers/attachments/20100201/51deec2d/attachment.bin


More information about the rpmfusion-developers mailing list