Mailinglist Archive: opensuse-buildservice (314 mails)

< Previous Next >
Re: [opensuse-buildservice] osc build & sign keys
  • From: Susanne Oberhauser <froh@xxxxxxxxxx>
  • Date: 28 Jan 2008 11:20:03 +0100
  • Message-id: <s2imyqq6ylo.fsf@xxxxxxxxxxxxx>

The more I think about it I believe having aggregated packages signed
with several keys has the proper semantics, while providing several
keys in one repo doesn't.

Adding the signature 'blesses' the package for this repo whil in the
original repo, the additional signatures don't do any harm, do they?

Adding a key would 'bless' the whole other project, which may not be
what you want.


The three alternatives I see are:

1. copy the package and sign the copy

2. sign the package with several keys

3. provide several keys from one repo

I vote for #2.


S.
--
Susanne Oberhauser +49-911-74053-574 SUSE -- a Novell Business
OPS Engineering Maxfeldstraße 5
Processes and Infrastructure Nürnberg
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >