[SN#67] Trusting the SIGs by default, from a CentOS Project perspective (Secureboot)
Some time ago, the Hyperscale SIG created an [infra ticket](https://pagure.io/centos-infra/issue/307) asking to be able to build their packages so that they work on SecureBoot-enabled machines.
This ticket isn't about technical discussion, but more about the underlying question that seems to go in a loop between multiple stakeholders when trying to answer it, so here we go:
What's the official CentOS Project board position on the SIGs and how far they should be trusted?
RPM packages built by SIGs are actually signed with their dedicated GPG key, and outside of the distro builders infra. But for SecureBoot (because of the chain of trust), a kernel built (and signed at build time) with a different key/cert wouldn't boot on the 8-stream because the shim/grub2 packages wouldn't recognize the new key.
I didn't want to dive into tech details, but it would be good if we could get an answer from the board about trusting or not the SIGs in this particular situation, and then move this forward if possible (or just answer "no" to the SIGs).
_This issue ticket was originally created [here](https://git.centos.org/centos/board/issue/67) on a Pagure repository,
[**centos/board**](https://git.centos.org/centos/board) by [**Fabian Arrotin**](https://accounts.fedoraproject.org/user/arrfab) on
[**Tue Dec 7 20:05:05 2021** UTC](https://savvytime.com/converter/utc/dec-07-2021/20-05)._
_This issue ticket was automatically created by the
[**Pagure Exporter**](https://github.com/gridhead/pagure-exporter)._