Am 08.05.24 um 22:44 schrieb Jonathan Wright via devel:
I was having trouble finding the public key(s). I'll look more into
this now.
They sign the tar archive before it is compressed, so I'll have to stray
from the standard way of verifying the sigs in the docs a little.
Here is an example of including the validation
https://src.fedoraproject.org/rpms/webkit2gtk4.0/blob/main/f/webkit2gtk4.0.spec#_203
BTW, the source and url uris in the spec file could be switched to https?!
https://src.fedoraproject.org/rpms/mdadm/blob/rawhide/f/mdadm.spec#_8
--
Leon
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
