Here's a question from one of my upstream devels. Not sure I understand exactly what he's asking but I thought I'd post here in the hope that someone can enlighten him (and me!).
"... Arch supports signed git tags. I'm hoping Fedora does too.
I'm thinking of dropping this cumbersome process (i.e: signing and pushing the .sig and .tar.gz)
for the next release. Simply sign the tag and create a release out of
it. Can you please do a bit of research on your side to see if that's
possible?
Also, for your consideration, git now supports ssh-based signatures. I won't stop using PGP because I think distros don't support this very well but just so you know."
If we _do_ support "signed git tags" how do we code for it in the spec file? Presently I have this:
Source0: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz
Source1: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz.sig
Source2: 6A6B35DBE9442683.gpg
...
%prep
%gpgverify -k 2 -s 1 -d 0
%autosetup -p1
Thanks
Bob
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
