Signed RPM Packages

Jason Woods devel at
Fri May 16 18:16:35 CEST 2014


I followed installation at:

But noticed that the GPG signature checking of the RPMs was not enabled, and the RPMs were transferred over plaintext HTTP!
I did re-enabled the signature checking but it seems none of the packages are actually signed.

Are there plans to sign the packages? As I'm unable to use them in this state.
I did find references to "signing corrupts the packages" - maybe I could offer help looking into the problem? It would be really useful to have them signed.

NB: It would be good for the installation page mentioned to also state the packages are not signed and transferred via HTTP. Just so one can make a judgement call, as at the moment it could easily be missed.



More information about the varnish-misc mailing list