Could someone shed light on the process for GPG signing of packages in the Extras repository? I briefly searched the archives, but found only an inconclusive argument about its usefulness. How does the Extras package signing process differ from Base/Updates? I know RPM-GPG-KEY-fedora-extras sits alongside RPM-GPG-KEY-fedora, but who has control of the Extras signing key? Is checking for a CLA on file the extent of vetting done to submitted packages (assuming they meet all other packaging criteria outlined in the Wiki)? It would be most helpful to have a sketch of what the ultimate signer (a RH employee?) does before he/she decides it's OK to sign the package with the official fedora-extras key. Many thanks, Chris -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
