On 29 Mar 2016 18:08, "Ralf Senderek" <fedora@senderek.ie> wrote:
>
> > David Woodhouse wrote:
>
> > If we need to repackage the tarball to remove patent-encumbered or otherwise
> > illegal or non-redistributable files, we cannot do this.
>
> I think , we can. Because the check in %prep should make sure that you've got the real thing.
> It doesn't require that you have to package everything that makes up the source after extraction.

The issue isn't the binary RPM but rather the SRPM which would need to include the signed tarball (and the lookaside cache for the sources of course) so that %prep works in koji.

It's fine as an optional thing but wouldn't work as mandatory one.

And of course with the packager uploading both the key and the archive to git with no net access in koji to verify the key I really don't see what this actually gives us beyond a heads up to a sleeper maintainer that he doesn't have an official tarball when built locally...