Utility for secure communication and data storage
9308d65403
Per the guidelines¹, verify upstream signatures, unless we are in bootstrap mode. The fingerprints of the keys contained in signature_key.asc were checked against the upstream page (https://gnupg.org/signature_key.html). One downside is that we are unable to verify signatures made with only the brainpool key. The hope is that such releases are relatively rare and the benefit of automated signature verification outweighs the hassle of handling such releases. For these releases, set skip_verify to 1, as we've done here. Afterward, reset it to 0. ¹ https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_verification |
||
|---|---|---|
| .gitignore | ||
| gnupg2-yk5.patch | ||
| gnupg2.spec | ||
| gnupg-2.1.1-fips-algo.patch | ||
| gnupg-2.1.10-secmem.patch | ||
| gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch | ||
| gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch | ||
| gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch | ||
| gnupg-2.2.20-file-is-digest.patch | ||
| gnupg-2.2.21-coverity.patch | ||
| gnupg-2.2.23-large-rsa.patch | ||
| signature_key.asc | ||
| sources | ||