On Thu, 20 Dec 2007 08:41:24 +0100 Thorsten Leemhuis <fedora@xxxxxxxxxxxxx> wrote: > On 20.12.2007 05:39, Michael Schwendt wrote: > > On Wed, 19 Dec 2007 14:55:51 -0500, Tom "spot" Callaway wrote: > >> On Wed, 2007-12-19 at 11:52 -0800, Bryan O'Sullivan wrote: > >>> Is the package signing step done by hand? That's been my understanding, > >>> but maybe I'm missing something. It reminds me of Sigourney Weaver's > >>> role in "Galaxy Quest": a seemingly needless insertion of people into > >>> the process. > >>> If so, why? Can we switch to an automated process? > >> It is currently a manual process, and Jesse Keating has been working for > >> some time to make an open source signing server that will work for > >> Fedora's infrastructure needs but also be useful for anyone. > > Just wondering: Is Jesse the only one that does pushes? Maybe we should > give at least one other person access to the signing key? Essentially, he is. Others have access to the key but Jesse does the pushes 9 times out of 10. That is a major reason for the signing server. It allows others to help out without having to know the super sekret key. josh -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
