Miro Hrončok
|
ebd8f4efe1
|
Verify GPG signature of upstream tarball when building the package
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_verifying_signatures
> Any detached signature file (e.g. foo.tar.gz.asc or foo.tar.gz.sig) must be
> uploaded to the package lookaside cache alongside the source code, while
> the keyring must be committed directly to the package SCM.
Closes: https://src.fedoraproject.org/rpms/csdiff/pull-request/1
|
2022-03-15 17:02:13 +01:00 |