Pulp does not currently sign its releases with a GPG key. Users often request this in IRC. It would be a significant improvement in our release process so users could be sure they were getting the real Pulp packages.
I believe all the key infra to do this is set up now. Marking as POST for "how to sign" doc review.
doc is merged, marking as MODIFIED.
fixed in pulp 2.6.0-0.2.beta
>> rpm -K pulp-server-2.6.0-0.2.beta.fc20.noarch.rpm
pulp-server-2.6.0-0.2.beta.fc20.noarch.rpm: rsa sha1 (md5) pgp md5 OK
>> rpm -K pulp-server-2.6.0-0.2.beta.el6.noarch.rpm
pulp-server-2.6.0-0.2.beta.el6.noarch.rpm: rsa sha1 (md5) pgp md5 OK
And for 2.5 it is like
>> rpm -K pulp-server-2.5.2-0.1.rc.el6.noarch.rpm
pulp-server-2.5.2-0.1.rc.el6.noarch.rpm: sha1 md5 OK
Moved to https://pulp.plan.io/issues/244