f5bc9a8383
Many years ago, the GPG signature file was included in the source list¹. A compromise at kernel.org caused the tarballs to move to googlecode.com for a number of releases and the signatures were not provided in an easily downloaded format². When the source location was moved back to kernel.org, the signature file had already been removed from the spec file and was not re-added³. There is an effort underway to make GPG signature verification a requirement when upstream provides signatures⁴. Regardless of whether this becomes a requirement in the packaging guidelines, verification of upstream signatures makes good sense. It also makes the process easier for git package maintainers, who are (or should be ;) doing this manually for each upstream git release. While adding the signatures to the source list, all non-upstream source files were moved to Source10 and above. This should make it easier to add new upstream source files in the future, avoiding the need for tedious (and error-prone) renumbering of existing sources. Remove the unused entry for Patch14 also. ¹ea3f253Include gpg signature for tarball in SRPM (2011-08-26) ²c57f383Update to 1.7.9.1 (2012-02-15) ³b741f45Change source URLs, as googlecode doesn't have up-to-date tarballs (2014-06-10) ⁴ https://fedorahosted.org/fpc/ticket/610 https://fedoraproject.org/wiki/PackagingDrafts:GPGSignatures https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/2TBK4LLNRH73QJQSXWFPCQYHGTSJ3C7P/
9 lines
66 B
Plaintext
9 lines
66 B
Plaintext
*~
|
|
*.gpg
|
|
*.rpm
|
|
*.sign
|
|
*.tar.xz
|
|
/.build*.log
|
|
/git-*/
|
|
/results_git/
|