Bug 1128788 - Pulp's releases should be GPG signed
Summary: Pulp's releases should be GPG signed
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Pulp
Classification: Retired
Component: user-experience
Version: 2.4.0
Hardware: All
OS: Linux
high
high
Target Milestone: ---
: 2.6.0
Assignee: Chris Duryee
QA Contact: Irina Gulina
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-08-11 14:35 UTC by Randy Barlow
Modified: 2015-02-28 23:42 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-02-19 01:18:49 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Pulp Redmine 244 None None None Never

Description Randy Barlow 2014-08-11 14:35:19 UTC
Pulp does not currently sign its releases with a GPG key. Users often request this in IRC. It would be a significant improvement in our release process so users could be sure they were getting the real Pulp packages.

Comment 1 Chris Duryee 2014-10-30 20:22:24 UTC
https://github.com/pulp/pulp/pull/1268

I believe all the key infra to do this is set up now. Marking as POST for "how to sign" doc review.

Comment 2 Chris Duryee 2014-11-06 20:46:38 UTC
doc is merged, marking as MODIFIED.

Comment 3 Chris Duryee 2014-12-23 20:52:53 UTC
fixed in pulp 2.6.0-0.2.beta

Comment 4 Irina Gulina 2015-01-06 11:50:44 UTC
>> rpm -K pulp-server-2.6.0-0.2.beta.fc20.noarch.rpm 
pulp-server-2.6.0-0.2.beta.fc20.noarch.rpm: rsa sha1 (md5) pgp md5 OK

>> rpm -K pulp-server-2.6.0-0.2.beta.el6.noarch.rpm
pulp-server-2.6.0-0.2.beta.el6.noarch.rpm: rsa sha1 (md5) pgp md5 OK

And for 2.5 it is like
>> rpm -K pulp-server-2.5.2-0.1.rc.el6.noarch.rpm
pulp-server-2.5.2-0.1.rc.el6.noarch.rpm: sha1 md5 OK

Comment 5 Brian Bouterse 2015-02-19 01:18:49 UTC
Moved to https://pulp.plan.io/issues/244


Note You need to log in before you can comment on or make changes to this bug.