115074 – Individual RPMs should be signed in addition to tar bundle

Bug 115074 - Individual RPMs should be signed in addition to tar bundle

Summary: Individual RPMs should be signed in addition to tar bundle

Status:	RESOLVED WONTFIX

Alias:	None

Product:	LibreOffice
Classification:	Unclassified
Component:	Installation (show other bugs)
Version: (earliest affected)	5.3 all versions
Hardware:	x86-64 (AMD64) Linux (All)

Importance:	medium enhancement
Assignee:	Not Assigned

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2018-01-17 17:35 UTC by satya.devel
Modified:	2018-12-07 19:34 UTC (History)
CC List:	1 user (show)

See Also:
Crash report or crash signature:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description satya.devel 2018-01-17 17:35:09 UTC

Description:
Currently only the tar bundle of RPMs is signed with a GPG key. If the system is setup to only accept signed packages, the individual packages fail to install and require manual intervention. It would be great if the RPM files were signed as well.

Steps to Reproduce:
1. expand RPM tar file
2. cd expanded_path/RPMS && yum localinstall *.rpm


Actual Results:  
Package libobasis5.3-core-5.3.7.2-2.x86_64.rpm is not signed                                                                                                         


Expected Results:
Package should install


Reproducible: Always


User Profile Reset: No



Additional Info:


User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Comment 1 Joel Madero 2018-12-07 19:34:52 UTC

I've spoken with the person in the project who packages and he said this is a WONTFIX. Closing the bug report. If you're interesting in why, please send an email to the dev mailing list and I'm sure someone will explain. Thanks!