RPM builds are not signed

I followed your instructions on [1] and installed your repo-files. When trying to mirror that repo it failed with:

"Removing gitlab-ce-8.6.2-ce.0.el7.x86_64.rpm due to failed signature check."

I then downloaded the rpm manually and indeed, it is unsigned:

$ rpm -K gitlab-ce-8.6.2-ce.0.el7.x86_64.rpm

gitlab-ce-8.6.2-ce.0.el7.x86_64.rpm: sha1 md5 OK

Scary with unsigned packages especially when the documentation says they are supposed to be signed. Distribution chain compromised?

1: https://about.gitlab.com/downloads/#centos7

PS. I suspect this is also the reason for Issue gitlab-org/gitlab-ce#14335 .DS