Details

    • Type: New Feature
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: RPM
    • Labels:
      None

      Description

      Currently Artifactory will only sign an RPM repository's repomd.xml file. It will only generate repomd.xml.asc and repomd.xml.key files under the repodata folder.

      A useful feature to ensure the RPM files themselves have been signed would be to add an option to sign them. This would use Artifactory's existing GPG signing functionality, extended to .rpm files. This is already done by Bintray, and would enhance Artifactory's functionality.

      As this may be a more computationally intensive task, this could probably be implemented as a toggle-able option under the Signing section of the Artifactory UI, or a system setting.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                patrickr Patrick Russell
              • Votes:
                4 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: