[packman] kodi-16.1-3.5.x86_64.rpm (openSUSE_Leap 42.2) signed with unknown key

Stefan Botter jsj at jsj.dyndns.org
Sun Dec 25 10:36:22 CET 2016

On Fri, 23 Dec 2016 12:43:42 +0100
Olaf Hering <olaf at aepfle.de> wrote:

> What is the reason anyway for the resigning?  Is there no chance to
> use the packman key in the Essential/Multimedia/Extra/Games project
> right away? 

There are several reasons:

1. (a weak one) - History. Before Packman used OBS there was an own
    rudimentary build system, which then needed a publication system. This
    publication system is still used on packman.links2linux.org for
    maintaining the web page and distributing everything to the mirrors.
2. Security: All packages are signed with the packman key in a secure
    environment. The key stays on the signing machine, and only there.
3. Usability and ease of use: You cannot import arbitrary GPG keys
    into OBS. Thus each and every project has its own key. Packman would
    need 5 keys, Essentials, Multimedia, Games, Extra and the whole of
    it in one repo. The combined repo has to be created separately
    anyway, so all packages are resigned with the official Packman key.


Stefan Botter zu Hause
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.links2linux.de/pipermail/packman/attachments/20161225/deb0e344/attachment.sig>

More information about the Packman mailing list