View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0014483||Buildsys||community buildsys||public||2018-02-12 14:43||2018-04-11 14:17|
|Summary||0014483: Please GPG sign repository metadata for CBS repositories|
|Description||I've been trying to get the CentOS SIG repositories enabled in the|
openSUSE Build Service.
Last week, I started working with Adrian Schröter (who manages the CentOS configurations on the openSUSE Build Service and is one of the OBS developers and administrators) on getting this done, and the issue right now is that there's
no way to securely validate the repodata.
OBS supports two ways:
1. Validating repodata from a mirror using the copy on the master
server fetched through HTTPS.
2. Validating repodata through GPG-signed repodata (signed repomd.xml)
While the base repositories do the latter, none of the repositories
produced through CBS do, and _nothing_ currently does the former.
Based on discussions with Arrfab on #centos-devel, it seems like it'd make sense to do GPG signing of repodata for all CBS repos automatically.
Can we please have this soon, so that everything can be wired up?
|Additional Information||Reference ML topic: https://lists.centos.org/pipermail/centos-devel/2018-February/016453.html|
openSUSE ticket: https://progress.opensuse.org/issues/29568
|Tags||No tags attached.|
|I have this scoped up, hoping to have this live mid March's time frame.|
|Per's @kbsingh note, acknowledged now|
|Any progress on this? It's nearly the end of March, and I'm wondering on the progress on this issue...|
|Ping... Any progress? It's nearly mid-April now...|
|2018-02-12 14:43||ngompa||New Issue|
|2018-02-24 18:00||arrfab||Note Added: 0031314|
|2018-02-26 10:26||TrevorH||Relationship added||has duplicate 0014530|
|2018-02-26 10:27||TrevorH||Relationship added||has duplicate 0014531|
|2018-02-26 12:32||arrfab||Relationship deleted||has duplicate 0014530|
|2018-02-26 12:33||wolfy||Relationship deleted||has duplicate 0014531|
|2018-02-26 12:email@example.com||Note Added: 0031322|
|2018-02-26 14:27||arrfab||Status||new => acknowledged|
|2018-02-26 14:27||arrfab||Note Added: 0031323|
|2018-03-25 04:47||ngompa||Note Added: 0031502|
|2018-04-11 14:17||ngompa||Note Added: 0031601|