On Tue, 4 Mar 2008 12:23:05 -0900 "Jeff Spaleta" <jspaleta@xxxxxxxxx> wrote: > On Tue, Mar 4, 2008 at 12:17 PM, Jesse Keating <jkeating@xxxxxxxxxx> wrote: > > On Tue, 2008-03-04 at 11:57 -0900, Jeff Spaleta wrote: > > > The Fedora community will have access to approved kickstart files so > > > that they can make local builds of the spins as needed (through cvs, > > > website, and perhaps as a package). If a spin maintainer has the > > > ability to host their own spin binary images, they will be allowed to > > > link to such binaries (and signatures) from the community contributed > > > spins once the peer group of Spin Maintainers certifies that the > > > signatures for the binaries are correct. > > > > What are the signatures you're referring to here? > > I guess I meant signed checksums, using an individual's gpg key (Not > any of the keys the fedora project is using). If people are going to > link to external images, I want to make sure we have some basic > verification available that its the image people are expecting to > find. Except spins are done off of released versions of Fedora. Which means the packages they use are already signed with the Fedora key. josh _______________________________________________ fedora-advisory-board mailing list fedora-advisory-board@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-advisory-board
