[Mageia-dev] PGP keys and package signing
Michael Scherer
misc at zarb.org
Fri Feb 4 12:51:15 CET 2011
Le vendredi 04 février 2011 à 12:19 +0100, nicolas vigier a écrit :
> On Mon, 31 Jan 2011, nicolas vigier wrote:
>
> >
> > In this thread :
> > https://www.mageia.org/pipermail/mageia-dev/20110128/002363.html
> > misc proposed that we publish tarballs of our software on the mirrors,
> > and sign them using a pgp key. So we need a key for that. We also want
> > to sign ISOs, maybe with a different key. So I think we can do the same
> > as for packages key, we create new keys for software releases and for
> > ISOs, and we sign those keys with the board@ key. And we can tell
> > everybody that all files released by the project are always signed by
> > a key that was signed by the board@ key.
>
> So we need to decide which keys we need, before fosdem :
> - for signing packages: packages at mageia.org
> - for signing software: software at mageia.org
> - for signing ISOs : release at mageia.org
>
> Any other key needed ?
Seems good to me.
--
Michael Scherer
More information about the Mageia-dev
mailing list