On Tue, 19 Jul 2016 12:58:06 -0700 "Gerald B. Cox" <gbcox@xxxxxx> wrote:

> I guess that begs the question of what is happening that can't be
> automated. Seems that if the build is successful and the packager
> then pushes to the testing repository, that should be something that
> could be automated.

Currently package signing is not fully automated. It takes an authorized human who has been granted access and their passphrase(s) to sign things. There is some work ongoing to set up an autosigner process, but we want to make sure it's set up correctly and in such a way that it's not insecure or easy to subvert.

kevin
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx