Looking at sources stored at download.kde.org I see that each package sources tarball is provided with a key to verify source integrity.
Packaging guidelines recommend [1] to use the source file verification through keys whenever possible. However, I'm unable to find where KDE provides the keyring used to generate the keys... does anyone knows where to find it?
Thanks Mattia
[1] https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_veri...