FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 04-23-2012, 06:54 PM
Christopher Howard
 
Default signing

I build my RPMs on one system but GPG sign them on another, which seems
to work fine with the rpmsign command. I was just wondering: is it
customary to sign just the source RPM, or both the source and binary
RPMs? Does it hurt anything to sign both?

--
frigidcode.com
indicium.us

--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging
 
Old 04-23-2012, 10:12 PM
Paul Morgan
 
Default signing

On Apr 23, 2012 2:51 PM, "Christopher Howard" <christopher.howard@frigidcode.com> wrote:

>

> I build my RPMs on one system but GPG sign them on another, which seems

> to work fine with the rpmsign command. I was just wondering: is it

> customary to sign just the source RPM, or both the source and binary

> RPMs? Does it hurt anything to sign both?



I sign both srpm and rpm as myself (the packager).


they get re-signed with the deployment key when it's copied to the yum server.


hth,

-paul

--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging
 

Thread Tools




All times are GMT. The time now is 12:55 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org