Skip to content

Commit

Permalink
Drop rpms-signature-scan from fbc required tasks
Browse files Browse the repository at this point in the history 
FBC images are "catalog fragments" that are never actually shipped.
They only exist to convey data to the process that updates the global
index image. It is unreasonable to scan them for rpm content.

Even if they somehow included unsigned rpm content, that content is
never going to be exposed.
  • Loading branch information
@ralphbean
ralphbean committed Oct 18, 2024
1 parent aef8f46 commit 4efc914
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion data/required_tasks.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ pipeline-required-tasks:
- [git-clone, git-clone-oci-ta]
- init
- inspect-image
- rpms-signature-scan
- show-sbom
- effective_on: "2024-06-17T00:00:00Z"
tasks:
Expand Down

0 comments on commit 4efc914

Please sign in to comment.