theforeman
Check GPG key on Candlepin repository
We are using versioned and signed Candlepin repositories, so there is no reason to mark gpgcheck as 0 in rpm/develop. This will then make it easier when branching as no special actions are needed.
While on this would be this also a good time to look in the user request to have the key in the repository online in addition to the package?
I thought we wanted to track the nightly version instead.
I am more leaning towards nightly is more work than it's worth due to the slower update cycle, and ease of which it is to update Candlepin. And that it saves energy and time to just align on a version of Candlepin.
I think the biggest challenge is that you'd constantly need to change the default branch. We saw with pulpcore-packaging that people forget. Git clones also don't automatically pick that up either. It's kind of unfortunate.
I don't think GitHub support branch aliases.
I think the biggest challenge is that you'd constantly need to change the default branch. We saw with pulpcore-packaging that people forget. Git clones also don't automatically pick that up either. It's kind of unfortunate.
I don't think GitHub support branch aliases.
I'm not following how git and branches affect.
This would also require to be updated in https://github.com/theforeman/forklift/blob/a94af75f4d3ecbae54c407a3598dea427659438a/roles/candlepin_repositories/tasks/main.yml#L7 (and then that role have access to the key somehow, e.g. by it being reachable via an URL) as in the pipelines we do not use the release RPM.
Thanks for tackling that! I'll let you do the honors of updating https://community.theforeman.org/t/could-the-candlepin-gpg-keys-be-published-somewhere-http-reachable/38193 with the news