On Thu, Jul 13, 2017 at 11:55:52AM -0400, Randy Barlow wrote: > On Thu, 2017-07-13 at 00:36 +0200, Kevin Kofler wrote: > > Koji will take care of the signing for Flatpaks > > built in Koji as it does for RPMs built in Koji. So there is change really. Before: developers sign tarball, packagers authenticate to Fedora, Fedora signs rpm With flatpacks: developers sign tarball, packagers authenticate to Fedora, Fedora signs flatpack Same amount of links of trust, same amount of signatures. No? > Sigul[0] is actually the system that signs the packages. They are > placed into a Koji tag when they need to be signed, and when Sigul is > done signing them it moves them into a new Koji tag. > > [0] https://pagure.io/sigul _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
