On Fri, Mar 18, 2005 at 08:29:26AM -0800, Foster, Mark
wrote:> Hi - I''d like to know if any manual or automatic validation is
done
> against the GPG signatures contained in the Red Hat source rpms (SRPMS)
> before they are compiled and (re)signed with the CentOS key.
wget src.rpm && rpm --checksig src.rpm && rpm --rebuild src.rpm
The produced ix86.rpm and x86_64.rpm are compared against
the RedHat''s ones and if they match close enough, then
they are then signed and uploaded to the master mirror
The src.rpm is regenerated/patched if required and signed/pushed too.
Cheers,
Tru
--
Tru Huynh (CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.caosity.org/pipermail/centos/attachments/20050318/1ee41b36/attachment.bin