Sign RPM Packages with GPG Key
It is best practice to sign the generated packages with a gpg key and provide the public key for users, that use your foreman repository: http://www.rpm.org/max-rpm/s1-rpm-pgp-signing-packages.html
Would be great if packages get signed in near future.
#5 Updated by Dominic Cleal over 7 years ago
Just a small status update for anybody coming across this:
From Foreman 1.2, all release packages will be signed - this includes RCs and final releases, plus all dependencies. Nightly packages won't be signed.
The installer's been fixed via #2629 to enable gpgcheck on the repos it sets up, and foreman-release is updated in the stable branches for releases to enable GPG checking and distribute the signature.