On Mon, 4 Jul 2011 23:53:38 -0400 (EDT), PW (Paul) wrote:

> It would be nice if we could upload/commit the .asc or .sig file, and have
> the rpmbuild script automatically check the tarball.

Some packagers do upload the detached sig and add it to the spec 
as another Source file URL.

The uploaded tarball checksum enters the "sources" file in git, and any
tarball downloaded from the lookaside cache MUST match that checksum.
Else it wouldn't be downloaded and used. Source RPM build in koji would
fail.
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
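
An added illustration, not part of the original message and not Fedora's own tooling: a minimal check of a downloaded tarball against a "sources" file, rejecting any file that is unlisted or whose digest differs. The two line formats parsed here (an older `<md5>  <filename>` form and a BSD-style `SHA512 (<filename>) = <hex>` form) are assumptions about the file layout, and the tarball name and contents are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed BSD-style entry: "SHA512 (name.tar.gz) = <hex>"
BSD_LINE = re.compile(r"^(\w+) \((.+)\) = ([0-9a-fA-F]+)$")
# Assumed older entry: "<32 hex chars of md5>  name.tar.gz"
MD5_LINE = re.compile(r"^([0-9a-fA-F]{32})\s+(\S+)$")


def parse_sources(text):
    """Return {filename: (algorithm, hexdigest)} for every entry."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        bsd, md5 = BSD_LINE.match(line), MD5_LINE.match(line)
        if bsd:
            entries[bsd.group(2)] = (bsd.group(1).lower(), bsd.group(3).lower())
        elif md5:
            entries[md5.group(2)] = ("md5", md5.group(1).lower())
        elif line:
            # Fail closed: a line we cannot parse must not be skipped silently.
            raise ValueError(f"unrecognised sources line: {line!r}")
    return entries


def verify(path, entries):
    """True only if the file is listed and its digest matches the entry."""
    path = Path(path)
    if path.name not in entries:
        return False  # unlisted files are rejected, not trusted
    algo, expected = entries[path.name]
    return hashlib.new(algo, path.read_bytes()).hexdigest() == expected


def demo():
    # Constructed sample: record a tarball's digest, then modify the tarball.
    with tempfile.TemporaryDirectory() as d:
        tarball = Path(d) / "example-1.0.tar.gz"
        tarball.write_bytes(b"constructed tarball bytes")
        digest = hashlib.sha512(tarball.read_bytes()).hexdigest()
        entries = parse_sources(f"SHA512 ({tarball.name}) = {digest}\n")
        before = verify(tarball, entries)
        tarball.write_bytes(b"tampered bytes")
        return before, verify(tarball, entries)


if __name__ == "__main__":
    print(demo())
```

The checksum ties the build to the bytes the packager uploaded; whether those bytes match what upstream signed is the separate question the detached `.asc`/`.sig` file answers.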
