-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On Mon, 2017-09-04 at 11:29 +0100, Daniel P. Berrange wrote:
A number of packages that I maintain have GPG signatures provided alongside the sources for new releases. Is there any best pratice approach / RPM macro magic for verifying the GPG signature of sources during build, or are packagers just (re)inventing the wheel each time ?
There is some draft[0] available, but I can't find FPC ticket on it.
Regards, Daniel --
: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| : https://libvirt.org -o- https://fstop138.berrange.com :| : https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
[0] https://fedoraproject.org/wiki/PackagingDrafts:GPGSignatures - -- - -Igor Gnatenko
packaging@lists.fedoraproject.org