DNF supports signed repodata for a while, but Fedora doesn't produce them. I'd like to get the signatures created and distributed, not necessarily enabled repo_gpgcheck=1 by default.
Do you have any idea who to contact to make this happen? I could file a Change, but I wouldn't be able to deliver the work as it probably requires some tooling and infra changes.
@dmach The work can be tracked in releng tracker (https://pagure.io/releng) but I wonder if it requires a FESCo approval as a change request?
@kevin and I have to work on it together.
From @kevin
<nirik> I think https://pagure.io/pungi/issue/506 needs finished, but sounds like there's a plan that depends on https://pagure.io/robosignatory/pull-request/51 so, just needs that merged and released and then pungi code built to use it.
It would probably require a Change to enable it in Fedora by default, but generating the signed repositories should be able to happen at any time.
cc: @demiobenour
So, as noted above, this needs work from robosignatory maintainers, then work from pungi maintainers, then some releng work to enable things.
I guess the biggest unknown is availability of pungi developers to work on this.
IMHO, this should be like any other change... some folks driving it/coordinating and making sure everyone is on board, then making a change and discussing it on devel list and then finally fesco approving...
I'd be happy to help, although I am not sure how much time I will have to devote to it.
Does https://pagure.io/robosignatory/pull-request/51 help with this?
I may be able to work on this, although I am no expert on Pungi.
I can guarentee that Qubes OS will enable repo_gpgcheck=1 as soon as Fedora starts signing the repodata, whether or not it is enabled by default in Fedora.
repo_gpgcheck=1
Metadata Update from @defolos: - Issue tagged with: meeting
@dmach We will discuss this during tomorrow's FESCo meeting, you're cordially invited to join.
@dmach We have discussed this today during the meeting and the proposal sound reasonable. The agreement is that the interested parties should coordinate on this, get the necessary infrastructure in place and then submit this as a change proposal.
Metadata Update from @defolos: - Issue close_status updated to: Insufficient data - Issue status updated to: Closed (was: Open)
Note, related BZ on this: https://bugzilla.redhat.com/show_bug.cgi?id=1433592
Login to comment on this ticket.