diff options
Diffstat (limited to 'doc/administration/package_information/signed_packages.md')
| -rw-r--r-- | doc/administration/package_information/signed_packages.md | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/doc/administration/package_information/signed_packages.md b/doc/administration/package_information/signed_packages.md index 638dd7820b8..b2aab96e52c 100644 --- a/doc/administration/package_information/signed_packages.md +++ b/doc/administration/package_information/signed_packages.md @@ -6,13 +6,22 @@ info: To determine the technical writer assigned to the Stage/Group associated w # Package Signatures **(FREE SELF)** -Omnibus GitLab packages produced by GitLab are created via the [Omnibus](https://github.com/chef/omnibus) tool, for which GitLab has added DEB signing via `debsigs` in [our own fork](https://gitlab.com/gitlab-org/omnibus). This addition, combined with the existing functionality of RPM signing, allows GitLab to provide signed packages for all supported distributions using DEB or RPM. +Linux packages produced by GitLab are created using [Omnibus](https://github.com/chef/omnibus), for which GitLab +has added DEB signing using `debsigs` in [our own fork](https://gitlab.com/gitlab-org/omnibus). -These packages are produced by the GitLab CI process, as found in the [Omnibus GitLab project](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/.gitlab-ci.yml), prior to their delivery to <https://packages.gitlab.com> to ensure provide assurance that the packages are not altered prior to delivery to our community. +Combined with the existing functionality of RPM signing, this addition allows GitLab to provide signed packages for all +supported distributions using DEB or RPM. + +These packages are produced by the GitLab CI process, as found in the +[`omnibus-gitlab` project](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/.gitlab-ci.yml), +prior to their delivery to <https://packages.gitlab.com> to provide assurance that the packages are not altered prior +to delivery to our community. ## GnuPG Public Keys -All packages are signed with [GnuPG](https://www.gnupg.org/), in a method appropriate for their format. The key used to sign these packages can be found on [MIT PGP Public Key Server](https://pgp.mit.edu) at [0x3cfcf9baf27eab47](https://pgp.mit.edu/pks/lookup?op=vindex&search=0x3CFCF9BAF27EAB47) +All packages are signed with [GnuPG](https://www.gnupg.org/), in a method appropriate for their format. The key used to +sign these packages can be found on [MIT PGP Public Key Server](https://pgp.mit.edu) at +[`0x3cfcf9baf27eab47`](https://pgp.mit.edu/pks/lookup?op=vindex&search=0x3CFCF9BAF27EAB47). ## Verifying Signatures |