[OpenAFS] OpenAFS RPMs and GPG signatures

Derrick Brashear shadow@gmail.com
Thu, 12 Jun 2008 12:43:07 -0400

> I think the question here is, who is taking responsibility for the RPMs?  If
> these are Simon Wilkinson RPMs, then I think it's fine for them to be signed
> by Simon.  If openafs.org is asserting that the RPMs are somehow blessed by
> the organization (which I think is implied by the current structure, but may
> not be intended), they should carry an openafs.org signature.  Choosing who
> signs the RPMs could make these relationships clearer.

OpenAFS doesn't exist (yet), so having OpenAFS do it is sort of
fictional, but sure.

But, another problem is what we'd like to do involves having multiple
people needed to sign things, and that's not possible with the tools
available today; And then it would make getting new releases available
quickly harder (or involve more tools)