On Mon, Jan 20, 2014 at 10:49:07AM -0700, Kevin Fenzi wrote:
It's pretty much impossible with our current signing setup to sign rawhide style repos. ;)
Ah, okay. Glad to have misunderstood there. :)
There is a koji plugin to sign all built packages, but it stores gpg keys on the hub, passphrases in the koji config and is pretty much never going to be acceptable to upstream koji to add.
Maybe an intermediate thing would be a less-secure-than-sigil-but-still- separate automatic signing server?