[Mageia-dev] PGP keys and package signing

nicolas vigier boklm at mars-attacks.org
Fri Feb 4 12:19:50 CET 2011

On Mon, 31 Jan 2011, nicolas vigier wrote:

> In this thread :
> https://www.mageia.org/pipermail/mageia-dev/20110128/002363.html
> misc proposed that we publish tarballs of our software on the mirrors,
> and sign them using a pgp key. So we need a key for that. We also want
> to sign ISOs, maybe with a different key. So I think we can do the same
> as for packages key, we create new keys for software releases and for
> ISOs, and we sign those keys with the board@ key. And we can tell
> everybody that all files released by the project are always signed by
> a key that was signed by the board@ key.

So we need to decide which keys we need, before fosdem :
 - for signing packages: packages at mageia.org
 - for signing software: software at mageia.org
 - for signing ISOs : release at mageia.org

Any other key needed ?

More information about the Mageia-dev mailing list