How are Fedora RPM packagess verified in RPMFusion buildsys?
Stewart Adam
maillist at diffingo.com
Mon Feb 1 21:57:22 CET 2010
On 2010/02/01 3:57 AM, Till Maas wrote:
> Hiyas,
>
> On Wed, Jan 13, 2010 at 02:42:26PM +0100, Till Maas wrote:
>
>> I just wondered how the RPM packages from Fedora used in RPMFusion
>> buildroots are verfied on the RPMFusion builders. Fedora uses direct
>> access to the RPM packages via a secure channel afaik, but since
>> RPMFusion does not use Fedora infrastructure, this seems not to be
>> possible. Also I did not found the typical RPM message about importing
>> the GPG key that is usually displayed on my local mock builds in the
>> RPMFusion build roots. Therefore I fear that the RPMs are not verified
>> at all, but please don't let this be true.
>
> except for a answer about the default mock config, there was no reply to
> this within two weeks. So I conclude that they are very likely not
> verified and nobody cares, thats bad. :-(
I would bet that a more likely conclusion is that few people have access to
the buildsys, and those that do are very busy ;)
More information about the rpmfusion-developers
mailing list