[packman] kodi-16.1-3.5.x86_64.rpm (openSUSE_Leap 42.2) signed with unknown key
jsj at jsj.dyndns.org
Sun Dec 25 10:36:22 CET 2016
On Fri, 23 Dec 2016 12:43:42 +0100
Olaf Hering <olaf at aepfle.de> wrote:
> What is the reason anyway for the resigning? Is there no chance to
> use the packman key in the Essential/Multimedia/Extra/Games project
> right away?
There are several reasons:
1. (a weak one) - History. Before Packman used OBS there was an own
rudimentary build system, which then needed a publication system. This
publication system is still used on packman.links2linux.org for
maintaining the web page and distributing everything to the mirrors.
2. Security: All packages are signed with the packman key in a secure
environment. The key stays on the signing machine, and only there.
3. Usability and ease of use: You cannot import arbitrary GPG keys
into OBS. Thus each and every project has its own key. Packman would
need 5 keys, Essentials, Multimedia, Games, Extra and the whole of
it in one repo. The combined repo has to be created separately
anyway, so all packages are resigned with the official Packman key.
Stefan Botter zu Hause
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 473 bytes
Desc: OpenPGP digital signature
More information about the Packman