On Tue, Jan 5, 2021 at 6:41 PM Florian Weimer <fweimer(a)redhat.com> wrote:
* Ben Cotton:
> During signing builds, the files in it will be signed with IMA
> signatures.. These signatures will be made with a key that’s kept by
> the Fedora Infrastructure team, and installed on the sign vaults.
What is the impact on RPM database size?
They're stored in xattr so it shouldn't have any noticeable impact,
although Patrick can confirm the details of that.
Will GPLv3 packages be excluded, or will the signing keys be
provided
upon request?
The public key?