https://bugzilla.redhat.com/show_bug.cgi?id=1834731 --- Comment #30 from Simone Caronni <negativo17@xxxxxxxxx> --- Thanks, I've added signature verification which is a bit from all comments above. The packaging guidelines are pretty clear about signatures, so: - Key is downloaded from the keyserver (as also suggested by upstream) and instructions are in the SPEC file. - Key is added to the Fedora SCM (aka it's in git). - Detached signed checksum is in the lookaside cache (aka it's in the sources file). - Since /usr/lib/rpm/redhat/gpgverify (aka %gpgverify) does not support signed sums files I've replaced it with gpgv2/sha256sum commands. I will also add the SHA256UM.asc file in the .gitignore file once approved so there is no chance that the hashed checksum gets into SCM and can only go into the lookaside cache. Spec URL: https://slaanesh.fedorapeople.org/bitcoin.spec SRPM URL: https://slaanesh.fedorapeople.org/bitcoin-0.20.0-3.fc32.src.rpm * Sat Jul 18 2020 Simone Caronni <negativo17@xxxxxxxxx> - 0.20.0-3 - Add signature verification. - Trim changelog. - Fix typo in the libs description. I will start working on the SELinux part hopefully soon (terribly busy in real life). -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
