On 07/05/2011 05:15 PM, Adam Williamson wrote: > > I didn't see any suggestion that packages be *required* to have a > signature, only that we somehow run an automated check on one if there > is one. > > Rather than making specific Source numbers special case, why not just go > on naming? The convention for signatures is to add an extension to the > name of the tarball the signature is for; that shouldn't be too hard to > implement, I don't think. Surely the automated testing tool would need a way of being fed known-trusted public keys in advance as well? -- Benjamin Lewis Returning Officer and Past-President Durham Union Society Mobile: +44 7540 379074 Office: +44 191 384 3724 Pemberton Buildings, Palace Green, Durham
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
