Re: Checking signatures on package source tarballs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Ralf Senderek wrote:
> I think , we can. Because the check in %prep should make sure that you've
> got the real thing. It doesn't require that you have to package everything
> that makes up the source after extraction. --

We can't. The upstream signatures are for the complete tarballs including 
the encumbered bits we cannot ship. We have to rebuild the tarball to remove 
the offending stuff, so there is no way the signature can possibly match.

        Kevin Kofler
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux