Open bayramka opened 7 months ago
I don't think we currently sign our packages.
could you please sign and share gpg key?
Status: until cosign supports this, I don't think we'll implement. Creating, maintaining, and keeping a key secure is one of the reasons we decided to go with cosign.
If you want to verify the packages on your own, you can use cosign for that, but unfortunately, there's no way to use standard RPM tools for that (AFAIK).
Hi,
Oracle Linux 9 requires first importing GPG key before installing rpm package using ansible. Could you provide gpg key for releasing each rpm?
Thanks