[Dev] New packaging standards/policy discussion
Michał Masłowski
mtjm at mtjm.eu
Fri Jul 31 17:24:04 GMT 2015
> 2) Sign stuff manually using SHA512sum and openssl's whirlpool (see my
> PKGBUILDs for an example of this fail-safe); and import any GPG
> signatures from upstream as needed, adding them to validpgpkeys field
> for GPG verification.
Fix the tools so no manual work is needed here.
> 3) Sign the PKGBUILD with GPG:
> gpg --default-key [YOURKEYID] -b PKGBUILD
Another manual step; also puts non-source files in the git repo.
No code review is in this procedure.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20150731/d1147398/attachment.sig>
More information about the Dev
mailing list