f5bc9a8383
Many years ago, the GPG signature file was included in the source list¹. A compromise at kernel.org caused the tarballs to move to googlecode.com for a number of releases and the signatures were not provided in an easily downloaded format². When the source location was moved back to kernel.org, the signature file had already been removed from the spec file and was not re-added³. There is an effort underway to make GPG signature verification a requirement when upstream provides signatures⁴. Regardless of whether this becomes a requirement in the packaging guidelines, verification of upstream signatures makes good sense. It also makes the process easier for git package maintainers, who are (or should be ;) doing this manually for each upstream git release. While adding the signatures to the source list, all non-upstream source files were moved to Source10 and above. This should make it easier to add new upstream source files in the future, avoiding the need for tedious (and error-prone) renumbering of existing sources. Remove the unused entry for Patch14 also. ¹ea3f253Include gpg signature for tarball in SRPM (2011-08-26) ²c57f383Update to 1.7.9.1 (2012-02-15) ³b741f45Change source URLs, as googlecode doesn't have up-to-date tarballs (2014-06-10) ⁴ https://fedorahosted.org/fpc/ticket/610 https://fedoraproject.org/wiki/PackagingDrafts:GPGSignatures https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/2TBK4LLNRH73QJQSXWFPCQYHGTSJ3C7P/
7 lines
348 B
Plaintext
7 lines
348 B
Plaintext
b0219fcb6d73104361f4fbdba3741d00 git-2.7.4.tar.xz
|
|
d37654c45897afa4501fe7bc138b576f git-htmldocs-2.7.4.tar.xz
|
|
52507ee81f9aac0abf85160398cd3e81 git-manpages-2.7.4.tar.xz
|
|
ed0dffdb32bc3c49673947ed99d421af git-2.7.4.tar.sign
|
|
717564d0ffd3cc2416df28ff73234be3 git-htmldocs-2.7.4.tar.sign
|
|
d5d42db9e7923a0ce8a0b0210d62d5e5 git-manpages-2.7.4.tar.sign
|