Hi folks, I've been researching IMA signing with RPM. This is a new feature in CentOS 9 that has not been enabled in Fedora I'm not an IMA expert, and I don't work on this for Red Hat, I'm just an interested user. (In particular, I'm interested in how our build systems track signatures, and how those get passed along the rest of the pipeline.) I'm finding there's no simple "guide to RPM and IMA" where I might contribute further documentation, so for now I've posted my notes and code to https://github.com/ktdreyer/ima It would be great to build some sort of documentation site that explains this stuff, but it's unclear to me what is the RPM team's responsibility vs other teams, etc. See https://github.com/rpm-software-management/rpm-web/issues/28 for example - RPM has a new "FILESIGNATURES" header, but no docs for that. What's a better place for this documentation to live? - Ken _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
