Quoting Stephan Kulow <coolo@suse.de>:
On 04.12.2012 09:26, Michal Vyskocil wrote:
This actually sounds like to be put in the source validator or a similiar source service that runs on checkin. And that I can then call from factory-auto
I agree that ugly %suse version %preps are not worth the extra felt security - especially as we do no checks about the keyring whatsoever.
I do indeed prefer the 'automatic' approach as opposed to having all this info in the .spec files (similar to checkin services or brp-checks). For 'reviews' of the entire thing, it would be mandatory for obs webui and osc to be able to 'show/decode' the information in the .keyring... and ANY change on the .keyring file should trigger an immediate warning for the review team, to give an extra heads up that this might be an attempt to alter the security model. Or, as the first suggestion was, have the .keyring in a collective package in Factory and 'allow' the .keyring to be used as an extension in devel projects / non-factory packages. Not too easy to ensure nothing goes wrong at no place... Dominique -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org