Commit Graph

1 Commits

Author SHA1 Message Date
Miro Hrončok
853a0fc587 Verify upstream sources with GPG
This is now a recommended thing to do:
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_verification

Regardless if it adds actual security, it should prevent problems like this one:
https://mail.python.org/archives/list/python-dev@python.org/message/OYNQS2BZYABXACBRHBHV4RCEPQU5R6EP/
2019-11-20 10:00:34 +01:00