Re: Checking signatures on package source tarballs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

David Woodhouse wrote:
> Our packaging guidelines really ought to mandate that *if* upstream
> publishes GPG or PKCS#7/CMS signatures of source tarballs, then the
                                                           ^
and if the upstream tarball can legally be redistributed as is
> package *must* verify those signatures as part of %prep.

If we need to repackage the tarball to remove patent-encumbered or otherwise 
illegal or non-redistributable files, we cannot do this.

        Kevin Kofler
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux