Miro Hrončok
|
801f8124ba
|
Verify GPG signature of upstream tarball when building the package
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_verifying_signatures
> Any detached signature file (e.g. foo.tar.gz.asc or foo.tar.gz.sig) must be
> uploaded to the package lookaside cache alongside the source code, while
> the keyring must be committed directly to the package SCM.
|
2022-03-15 17:33:29 +01:00 |
|