Re: Checking signatures on package source tarballs

On Tue, 2016-03-22 at 22:45 +0100, Björn Persson wrote:
> 
> I suppose so, at least if the key is specified as only a filename. What
> will it do if a URL to the key is provided, and the key at that location
> has been modified? Will it replace the key with the modified one in the
> scratch build, …

That behaviour would be... suboptimal.

The key (or at least its fingerprint) should be committed directly to
pkg git after being obtained through some trusted method — which
depends on how upstream publishes it. For reference, I put a couple of
examples into https://fedorahosted.org/fpc/ticket/610#comment:6


-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse@xxxxxxxxx                              Intel Corporation


--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
