[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [qemu-web PATCH] Add signing pubkey for python-qemu-qmp package
From: |
Andrea Bolognani |
Subject: |
Re: [qemu-web PATCH] Add signing pubkey for python-qemu-qmp package |
Date: |
Tue, 23 Aug 2022 04:16:11 -0500 |
On Thu, Aug 18, 2022 at 12:53:58PM -0400, John Snow wrote:
> Add the pubkey currently used for signing PyPI releases of qemu.qmp to a
> stable location where it can be referenced by e.g. Fedora RPM specfiles.
>
> At present, the key happens to just simply be my own -- but future
> releases may be signed by a different key. In that case, we can
> increment '1.txt' to '2.txt' and so on. The old keys should be left in
> place.
>
> The format for the keyfile was chosen by copying what OpenStack was
> doing:
> https://releases.openstack.org/_static/0x2426b928085a020d8a90d0d879ab7008d0896c8a.txt
>
> Generated with:
> > gpg --with-fingerprint --list-keys jsnow@redhat.com > pubkey
> > gpg --armor --export jsnow@redhat.com >> pubkey
You might want to pass
--export-options export-minimal
to the second command in order to obtain a significantly smaller file
that can still serve the intended purpose.
--
Andrea Bolognani / Red Hat / Virtualization