Uploaded image for project: 'Automation Hub'
  1. Automation Hub
  2. AAH-1251

Content signing test plan & answer Content Signing Questions from QE

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Normal Normal
    • 2.2
    • None
    • QE
    • None
    • 4.5.0 Sprint 6, 4.5.0 Sprint 7

      QE has a few questions we'd like to answer to understand the scope of both feature and testing work involved.

      Currently, we're looking for clarification around these 5 questions:

      1. Who is responsible for testing the actual verification of collections at install time in the ansible-galaxy component?
      2. If the API for signature information must be available by January 22, and the tooling consuming this API by May 22, what is the timeline for the rest of the related work in Hub, Controller, and the Installers?
      3. Can collections have multiple signatures from multiple sources?
      4. Can synchronization remove signatures from collections?
      5. Do signatures live inside or outside the artifact tarballs?

      For more details, see this document of the current full QE plan for content signing verification: https://docs.google.com/document/d/1ntiSKnA0Xn42cIHq_WvWh3S4cQopOAT4aqDZPWKQtsw/edit#

            cspealma@redhat.com Clara Spealman
            cspealma@redhat.com Clara Spealman
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: