-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Mon, 2017-09-04 at 11:29 +0100, Daniel P. Berrange wrote: > A number of packages that I maintain have GPG signatures provided > alongside > the sources for new releases. Is there any best pratice approach / > RPM macro > magic for verifying the GPG signature of sources during build, or are > packagers just (re)inventing the wheel each time ? There is some draft[0] available, but I can't find FPC ticket on it. > > Regards, > Daniel > -- > > : https://berrange.com > > -o- https://www.flickr.com/photos/dberrange :| > > : https://libvirt.org > > -o- https://fstop138.berrange.com :| > > : https://entangle-photo.org > > -o- https://www.instagram.com/dberrange :| > [0] https://fedoraproject.org/wiki/PackagingDrafts:GPGSignatures - -- - -Igor Gnatenko -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEhLFO09aHZVqO+CM6aVcUvRu8X0wFAlmtNhAACgkQaVcUvRu8 X0zULg/+NFtXY54w+MEmkv8OHCyXvHnyMhJWKLYnNIncs7pwBuVWWS6ZbxfcbEXC 7r+lKlhRmMEDbnmW8P4lzSzfNh3njiq8MH23w6DT6m9bbh+UeSYoZ49lFoARM63X ltNtcHd53h8+8CcX7I5WdlWY48wqwZZU/qYU7pE0ZvyPrt0l53IFGujjUw76bDdm H0VyM1F4tVW0Tae+uIwtK1woQEN4uGigHBR3KYatEi/xdKnCEriWL2gS7IZrn3Ek vddr7hXaNWuUid79SxsYvA6Q4gpEBLlRrCpeTVCJgTZhY9bIkghfid4p3ZA022sS TZAVvwYGC94DOePTOvxERZLp1wNZzxQRXBGdxMryVwetZK+d+qHc+Bb+owx7fTVg WBLTnp48G/KCLWiVyV817fq/S8Nn/jqucF3ool3k91DDD4McNFYGqigqflYe41jy 9hLP6Pzb7RCxR2Nk+pZrfe8Zwk6DRO3Y6sZuFQTBVgxyxinIaEQ+kXOreW6wXi7J mgvJ0QD4X8+i5++yMFPBau5PQxdojJm/rzYLm9ePJsUdS/vg0tx2sLUh2YVwsbC9 rRlLN7ziegv7YCJK1uDi60QwOzRLgRWwKUVhj5MNKPlUMXaepOFj3nt66j+jBD/U Be18rCG6vJAR4796Gziy8a+ueu2rN3F+QiIYvm9EtuWz/DZzwP0= =Epz5 -----END PGP SIGNATURE----- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
