[praiskup]
I'm afraid there will be a need for after-upload (re)signing, at least from time to time. We did a mass resign before, and resigning is quite common for Koji. Also, for example there's a Copr related problem with rpm && "prolonged" signing keys
(we have to solve this somehow, and we are not quite sure what to do right now, re-signing is one of the options)
Is your feature request related to a problem? Please describe.
Copying from https://github.com/pulp/pulp_rpm/issues/2986, which focused on upload-time signing:
Describe the solution you'd like Be able to sign RPM packages after they are already in Pulp.
Describe alternatives you've considered Ask people to get an RPM from Pulp and do a on-upload signature (inefficient).
Additional context Some context and useful discussion can be found in #2986 General notes: