[Dev] New packaging standards/policy discussion

fauno fauno at endefensadelsl.org
Thu Jul 30 22:32:54 GMT 2015

Luke <g4jc at openmailbox.org> writes:
> 3) Sign the PKGBUILD with GPG:
> gpg --default-key [YOURKEYID] -b PKGBUILD
> 4) Enable GPG signing in your gitconfig so that our commits are also
> signed. I've added this one-liner to the wiki already and fauno is also
> using it.
> Then simply: git add -f PKGBUILD PKGBUILD.sig; git commit -m "pushing my
> signed package with signed commit"; git push (same as before)

i don't see why signing the pkgbuild is required when signing the whole
commit achieves the same thing and is easily verifiable with: git pull
--rebase --verify-signatures

i'm ok with the other points

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 584 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20150730/a455a5d7/attachment.sig>

More information about the Dev mailing list