[Mageia-dev] PGP keys and package signing
nicolas vigier
boklm at mars-attacks.org
Fri Feb 4 12:19:50 CET 2011
On Mon, 31 Jan 2011, nicolas vigier wrote:
>
> In this thread :
> https://www.mageia.org/pipermail/mageia-dev/20110128/002363.html
> misc proposed that we publish tarballs of our software on the mirrors,
> and sign them using a pgp key. So we need a key for that. We also want
> to sign ISOs, maybe with a different key. So I think we can do the same
> as for packages key, we create new keys for software releases and for
> ISOs, and we sign those keys with the board@ key. And we can tell
> everybody that all files released by the project are always signed by
> a key that was signed by the board@ key.
So we need to decide which keys we need, before fosdem :
- for signing packages: packages at mageia.org
- for signing software: software at mageia.org
- for signing ISOs : release at mageia.org
Any other key needed ?
More information about the Mageia-dev
mailing list