Project

Profile

Help

Story #244

closed

Pulp's releases should be GPG signed

Added by rbarlow about 9 years ago. Updated almost 5 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
High
Assignee:
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
2.6.0
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

++ This bug was initially created as a clone of Bugzilla Bug #1128788 ++

Description of problem:

Pulp does not currently sign its releases with a GPG key. Users often request this in IRC. It would be a significant improvement in our release process so users could be sure they were getting the real Pulp packages.

--- Additional comment from at 10/30/2014 20:22:24 ---

https://github.com/pulp/pulp/pull/1268

I believe all the key infra to do this is set up now. Marking as POST for "how to sign" doc review.

--- Additional comment from at 11/06/2014 20:46:38 ---

doc is merged, marking as MODIFIED.

--- Additional comment from at 12/23/2014 20:52:53 ---

fixed in pulp 2.6.0-0.2.beta

--- Additional comment from at 01/06/2015 11:50:44 ---

rpm -K pulp-server-2.6.0-0.2.beta.fc20.noarch.rpm

pulp-server-2.6.0-0.2.beta.fc20.noarch.rpm: rsa sha1 (md5) pgp md5 OK

rpm -K pulp-server-2.6.0-0.2.beta.el6.noarch.rpm

pulp-server-2.6.0-0.2.beta.el6.noarch.rpm: rsa sha1 (md5) pgp md5 OK

And for 2.5 it is like

rpm -K pulp-server-2.5.2-0.1.rc.el6.noarch.rpm

pulp-server-2.5.2-0.1.rc.el6.noarch.rpm: sha1 md5 OK

Actions #1

Updated by rbarlow almost 9 years ago

  • Status changed from 6 to CLOSED - CURRENTRELEASE
Actions #3

Updated by bmbouter almost 5 years ago

  • Tags Pulp 2 added

Also available in: Atom PDF