[Dev] New packaging standards/policy discussion

Michał Masłowski mtjm at mtjm.eu
Fri Jul 31 17:24:04 GMT 2015

> 2) Sign stuff manually using SHA512sum and openssl's whirlpool (see my
> PKGBUILDs for an example of this fail-safe); and import any GPG
> signatures from upstream as needed, adding them to validpgpkeys field
> for GPG verification.

Fix the tools so no manual work is needed here.

> 3) Sign the PKGBUILD with GPG:
> gpg --default-key [YOURKEYID] -b PKGBUILD

Another manual step; also puts non-source files in the git repo.

No code review is in this procedure.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20150731/d1147398/attachment.sig>

More information about the Dev mailing list