[Fedora-packaging] signing

Paul Morgan jumanjiman at gmail.com
Mon Apr 23 22:12:16 UTC 2012

On Apr 23, 2012 2:51 PM, "Christopher Howard" <
christopher.howard at frigidcode.com> wrote:
> I build my RPMs on one system but GPG sign them on another, which seems
> to work fine with the rpmsign command. I was just wondering: is it
> customary to sign just the source RPM, or both the source and binary
> RPMs? Does it hurt anything to sign both?

I sign both srpm and rpm as myself (the packager).

they get re-signed with the deployment key when it's copied to the yum

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/packaging/attachments/20120423/f469229e/attachment.html>

More information about the packaging mailing list