On Mon, Dec 17, 2012 at 10:58:54 -0800, Adam Williamson <awill...@redhat.com> wrote:
anyhow, the tricky thing here lies in somehow making it safe for fedup to *automatically* import the correct key for the next release. This is a subtlish problem.
I am biased by being a rawhide user and someone who regularly grabs builds directly from koji, but I'd rather see all non-scratch koji builds signed.
The guaranty wouldn't be as strong as when someone manually signs stuff, but would be a better than nothing.
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
