On 12/11/2009 08:52 AM, James Laska wrote:
On Fri, 2009-12-11 at 08:20 -0800, Adam Williamson wrote:
On Fri, 2009-12-11 at 10:53 -0500, James Laska wrote:
Not sure if this has been raised yet, but are we specifying when in the
release that packages should be signed with a valid signature? I
believe packages are signed at all release milestones, but I'd like to
clear up that assumption.
Do you think that's a criteria issue, i.e. something to which there's an
innate correct answer which can be defined and which shouldn't change?
I'd think of it more as a process issue, but IMBW.
Yeah, that's my question ... is there an assumption that all packages
will be signed? Does this assumption need to be validated?
Looking at our current test plans for the release, I don't see anything
where we confirm that packages are properly signed. Should we be
testing this, and if so ... does it map back to a specific release
criteria?
The way we've approached the Release Criteria is that we are only
capturing things that *must* be present to ship.
If the answer to the question: "If for whatever reason, packages were
not signed with the correct key (or at all), would we delay shipping the
release until they were signed correctly?"... is "yes" then I think it
should be added to the criteria.
I would propose the answer should be "yes, all packages must be properly
signed." I'm sure people will let me know if they disagree ;-)
John
--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
