Pulp's releases should be GPG signed
++ This bug was initially created as a clone of Bugzilla Bug #1128788 ++
Description of problem:
Pulp does not currently sign its releases with a GPG key. Users often request this in IRC. It would be a significant improvement in our release process so users could be sure they were getting the real Pulp packages.
--- Additional comment from email@example.com at 10/30/2014 20:22:24 ---
I believe all the key infra to do this is set up now. Marking as POST for "how to sign" doc review.
--- Additional comment from firstname.lastname@example.org at 11/06/2014 20:46:38 ---
doc is merged, marking as MODIFIED.
--- Additional comment from email@example.com at 12/23/2014 20:52:53 ---
fixed in pulp 2.6.0-0.2.beta
--- Additional comment from firstname.lastname@example.org at 01/06/2015 11:50:44 ---
rpm -K pulp-server-2.6.0-0.2.beta.fc20.noarch.rpm
pulp-server-2.6.0-0.2.beta.fc20.noarch.rpm: rsa sha1 (md5) pgp md5 OK
rpm -K pulp-server-2.6.0-0.2.beta.el6.noarch.rpm
pulp-server-2.6.0-0.2.beta.el6.noarch.rpm: rsa sha1 (md5) pgp md5 OK
And for 2.5 it is like
rpm -K pulp-server-2.5.2-0.1.rc.el6.noarch.rpm
pulp-server-2.5.2-0.1.rc.el6.noarch.rpm: sha1 md5 OK
Updated by rbarlow almost 8 years ago
- Status changed from 6 to CLOSED - CURRENTRELEASE
Updated by bmbouter almost 4 years ago
- Tags Pulp 2 added