This set of repositories (or "compose") is for {{ fullname }} and was generated
using Empanadas {{ version }} from the SIG/Core Toolkit.

As this is not a traditional compose, there will be things that you might be
expecting and do not see, or not expecting and do see. While we attempted to
recreate a lot of those elements, it's not perfect. In the future, we do plan on
having more metadata and providing client libraries that can ingest this type
of metadata that we produce for easy consumption.

# Notes #

## Checksums ##

CHECKSUM Validation: https://github.com/rocky-linux/checksums

Traditionally, we would "sign" the checksum files with the current GPG key of a
major release. However, due to how the new build system operates and for
ensuring strong security within the build system as it pertains to the signing
keys, this is no longer possible. It was determined by SIG/Core or Release
Engineering to instead provide verified signed commits using our keys with
RESF/Rocky Linux email domain names to a proper git repository. Our signing keys
are attached to our GitHub and RESF Git Service profiles.

If you are looking for "verification" of the ISO checksums and were expecting a
`CHECKSUM.sig`, it is highly recommended to visit the link above instead.

To verify our signature, click on "commits" and click the green "Verified"
button where you will see a GPG key ID. You can then search for this ID at
any of the following:

https://keys.openpgp.org/
https://keyserver.ubuntu.com
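
The same check can be run locally against a clone of the checksums repository by comparing the commit's signing key with the full fingerprint shown on the keyserver. This is an added example, not part of the original README or of Rocky Linux tooling; the function names and the fingerprint are placeholders, and it assumes git and GnuPG with the signer's public key already imported into the local keyring.

```shell
#!/bin/sh
# Added example: check a commit signature in a local clone of the checksums
# repository. Function names and the fingerprint are placeholders.

# Read GnuPG status lines on stdin and print the primary-key fingerprint of
# the valid signature. Fails if there is no VALIDSIG line or if any
# bad/expired/revoked status was reported.
signer_fpr() {
    awk '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # Field 3 is the signing (sub)key, field 12 the primary key if present.
        $2 == "VALIDSIG" { fpr = (NF >= 12) ? $12 : $3 }
        END { if (bad || fpr == "") exit 1; print fpr }
    '
}

# commit_signed_by REPO_DIR REV EXPECTED_FPR
# Succeeds only if REV carries a valid signature made by EXPECTED_FPR.
# The full fingerprint is compared, not the short key ID.
commit_signed_by() {
    want=$(printf '%s' "$3" | tr -d ' ' | tr 'a-f' 'A-F')
    # --raw makes git print the GnuPG status lines (on stderr).
    got=$(git -C "$1" verify-commit --raw "$2" 2>&1 | signer_fpr) || return 1
    [ "$got" = "$want" ]
}

# Usage, with the fingerprint copied from the keyserver entry for the key ID
# shown behind the "Verified" button:
#   commit_signed_by ./checksums HEAD "<FULL FINGERPRINT>"
```

A non-zero exit status means the commit is unsigned, the signature is bad, the key is missing from the keyring, or the signer is not the expected key.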