Are signatures of system images verified?
Yuri
yuri at rawbw.com
Wed Jun 29 21:46:32 UTC 2016
On 06/29/2016 14:32, Glen Barber wrote:
> But you raise a good point, poudriere does not have a good way to
> validate the base.txz unless it also unpacks bootonly.iso (or any of the
> installer media) and compares the checksums.
The possible solution is that poudriere should supply a public key as a
part of the package, and all binaries that it downloads are also signed
with the corresponding private key.
Yuri
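
The check proposed in this message, sketched as an added example that is not part of the original post and is not poudriere's code: a public key shipped with the tool is used to verify a detached signature on a fetched set before anything may use it. The function names `verify_set`, `accept_set`, `demo_setup` and `demo`, the file names (`release.pub`, `base.txz.sig`) and the choice of RSA with SHA-256 through `openssl` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Key pair, paths and file contents are constructed for the demo;
# RSA + SHA-256 via openssl(1) is an assumption, not poudriere's behaviour.

# verify_set PUBKEY FILE SIG: status 0 only if SIG is a valid signature over FILE.
verify_set() {
    [ -s "$1" ] && [ -f "$2" ] && [ -s "$3" ] || return 2  # missing input: reject
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# accept_set PUBKEY FILE SIG DESTDIR: move FILE into DESTDIR only once verified.
accept_set() {
    if verify_set "$1" "$2" "$3"; then
        mv "$2" "$4/" && echo "accepted: ${2##*/}"
    else
        echo "REJECTED: ${2##*/} (bad or missing signature)" >&2
        rm -f "$2"   # never leave an unverified set where a build could use it
        return 1
    fi
}

# Publisher side (constructed): make a key pair and sign a stand-in base.txz.
# Prints the scratch directory holding release.pub, fetched/ and trusted/.
demo_setup() {
    work=$(mktemp -d) || return 1
    mkdir "$work/fetched" "$work/trusted"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$work/release.key" 2>/dev/null
    openssl pkey -in "$work/release.key" -pubout -out "$work/release.pub"
    printf 'stand-in for base.txz contents\n' > "$work/fetched/base.txz"
    openssl dgst -sha256 -sign "$work/release.key" \
        -out "$work/fetched/base.txz.sig" "$work/fetched/base.txz"
    echo "$work"
}

# Consumer side: the genuine set is accepted, altered bytes with the old
# signature are rejected and deleted.
demo() {
    d=$(demo_setup) || return 1
    accept_set "$d/release.pub" "$d/fetched/base.txz" "$d/fetched/base.txz.sig" "$d/trusted" || return 1
    printf 'stand-in for base.txz contents, altered in transit\n' > "$d/fetched/base.txz"
    accept_set "$d/release.pub" "$d/fetched/base.txz" "$d/fetched/base.txz.sig" "$d/trusted" && return 1
    [ ! -e "$d/fetched/base.txz" ] && [ -f "$d/trusted/base.txz" ]; rc=$?
    rm -rf "$d"; return $rc
}
demo
```

With this layout the verification is only as trustworthy as the channel that delivered the package carrying the public key, so that package needs its own authenticated path.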
More information about the freebsd-pkgbase mailing list