Comment 4 for bug 1574113

Hi Andres and Mike,

using early_command it's not an option because in that stage the target (the chrooted image ) is not ready, so using early stage I'm able to add the key in the installing system but not in the chroot system (the real one).

To create the mirror I'm using reprepro, the mirror is well configured but I'm not sure that I can avoid the the signature of Release file.

We are talking about the metadata of the mirror not the packages , I mean the metadata of this mirror (Release InRelease etc) are generated and signed by reprepro, I don't need to sign the packages, there are no changes in the packages.
If there is a way to avoid the signature please let me know, I'm ok with that solution for now.

 In later stages we will use landscape to manage the life cycle of the packages and the signature of the packages will be mandatory.

I'm using reprpro because the mirror should be as small as possible in this initial phase, using reprepro I can filter easily the contents of the mirror, it's quite simple to use and stable, but if you have suggestion in order to workaround this problem I'm happy to try valid alternatives.