Hi,
one upstream project [1] stopped signing source tarballs with PGP and wants to use signify instead. Is this something the OBS supports?
Thanks
Axel
https://discuss.tryton.org/t/cryptographically-sign-source-releases/7220
Hi,
This is not supported yet, but could likely be added to the obs source_validator service.
Ciao, Marcus
On Thu, Apr 25, 2024 at 11:04:16AM +0200, Axel Braun wrote:
> Hi,
> one upstream project [1] stopped signing source tarballs with PGP and wants to use signify instead. Is this something the OBS supports?
> Thanks Axel
> https://discuss.tryton.org/t/cryptographically-sign-source-releases/7220
--
Marcus Meissner (he/him), Distinguished Engineer / Senior Project Manager Security
SUSE Software Solutions Germany GmbH, Frankenstrasse 146, 90461 Nuernberg, Germany
GF: Ivo Totev, Andrew McDonald, Werner Knoblich, HRB 36809, AG Nuernberg
Thanks Marcus,
question is whether we want to do that and if it makes sense.
For the time being, for implementing the security fix for https://discuss.tryton.org/t/security-release-for-issue-13142/7196 I would probably disable the source check, OK?
Cheers
Axel
On Thursday, 25 April 2024, 14:04:59 CEST, Marcus Meissner wrote:
> Hi,
> This is not supported yet, but could likely be added to the obs source_validator service.
> Ciao, Marcus
> On Thu, Apr 25, 2024 at 11:04:16AM +0200, Axel Braun wrote:
> > Hi,
> > one upstream project [1] stopped signing source tarballs with PGP and wants to use signify instead. Is this something the OBS supports?
> > Thanks Axel
> > https://discuss.tryton.org/t/cryptographically-sign-source-releases/7220
--
Dr. Axel Braun