On 2017-05-11 09:16, Alif M. A. wrote: > I am preparing for grub-2.02 package upgrade. > > The download mirror provides a gpg signature (.sig file), which can be > used to validate the source package. > > Does LEDE build system have a way to verify source package using gpg > signature? I'd rather use gpg verification if possible, rather than > checksum verification. There is no support for that, and I don't think it's a good idea to add it. You don't gain any extra security advantage compared to putting in the SHA256 hash of a file where you verified the .gpg signature yourself.
- Felix _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
