I build my RPMs on one system but GPG sign them on another, which seems to work fine with the rpmsign command. I was just wondering: is it customary to sign just the source RPM, or both the source and binary RPMs? Does it hurt anything to sign both? -- frigidcode.com indicium.us
Attachment:
signature.asc
Description: OpenPGP digital signature
-- packaging mailing list packaging@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/packaging
