[packman] kodi-16.1-3.5.x86_64.rpm (openSUSE_Leap 42.2) signed with unknown key
Stefan Botter
jsj at jsj.dyndns.org
Sun Dec 25 10:36:22 CET 2016
On Fri, 23 Dec 2016 12:43:42 +0100
Olaf Hering <olaf at aepfle.de> wrote:
> What is the reason anyway for the resigning? Is there no chance to
> use the packman key in the Essential/Multimedia/Extra/Games project
> right away?
There are several reasons:

1. (a weak one) - History. Before Packman used OBS there was its own
rudimentary build system, which then needed a publication system. This
publication system is still used on packman.links2linux.org for
maintaining the web page and distributing everything to the mirrors.

2. Security: All packages are signed with the packman key in a secure
environment. The key stays on the signing machine, and only there.

3. Usability and ease of use: You cannot import arbitrary GPG keys
into OBS. Thus each and every project has its own key. Packman would
need 5 keys, Essentials, Multimedia, Games, Extra and the whole of
it in one repo. The combined repo has to be created separately
anyway, so all packages are resigned with the official Packman key.

Greetings,
Stefan
--
Stefan Botter zu Hause
Bremen