Hi. I am trying to package a program. The upstream provided sha256sum.asc file. Verifying tarball with that signature says, Can't check signature: No public key. I found his public key in key directory by searching his email and added that key. Now gpg says Bad signature from that person. Also upstream didn't provide gpg keyring in his project. What should I do?
_______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
