Re: providing gpg verification for a package without signature

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Globe Trotter via devel wrote:
> I have been trying to package slim again. The package does not come with a signature or a gpg key. 
> 
> From https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_verification I don't see an option of what to do if there is no signature provided. 
> 
> Any suggestions or pointers to where I can get guidance on this?

Per the guidelines:

    Where the upstream project publishes OpenPGP signatures
    of their releases, Fedora packages SHOULD verify that
    signature as part of the RPM build process.

If upstream doesn't provide a signature for their releases,
then there isn't anything to verify.

The guideline is also a SHOULD not a MUST, so it's not a
blocker to lack signature verification (though I'd argue it
should be a very strong SHOULD, if not a MUST. ;)

It might be worth asking the upstream maintainer if they
would consider signing the release tarballs.

I have to guess that you're looking to use slim-fork, rather
than the original slim?  The latter hasn't seen any changes
since 2013¹, while the former has been updated recently to
1.4.0² (as far as I can tell with some quick searching).

¹ https://github.com/iwamatsu/slim/tags
² https://sourceforge.net/projects/slim-fork/files/

-- 
Todd

Attachment: signature.asc
Description: PGP signature

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux