https://bugzilla.redhat.com/show_bug.cgi?id=1808877 --- Comment #2 from Michal Ambroz <rebus@xxxxxxxxx> --- Spec URL: http://rebus.fedorapeople.org/SPECS/aesfix.spec SRPM URL: http://rebus.fedorapeople.org/SRPMS/aesfix-1.0.1-2.fc31.src.rpm > Start the summary with a Capital Letter. fixed > I don't have much experience with gpg, so I have to ask - any reason why this can't be done in %prep? Obtaining and manually verifying the key is one-time process. To have some potential to verify a signature on a package, it should not be based solely on the signature iself. Here the search for the key is based actually on different package (aeskeyfind) and then it is applied to verify this package as well. As the keyring is not published by the upstream I have tried to get it from the public keyservers. To comply with the https://docs.fedoraproject.org/en-US/packaging-guidelines/#_verifying_signatures I have documented here how I obtained the key. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
