On Tue, 2016-03-22 at 18:29 +0100, Till Maas wrote: > I already meant to file this feature request after discussing this with > Werner Koch, so here it is and hopefully it will really be implemented: > https://bugs.gnupg.org/gnupg/issue2290
Excellent; thank you. And in the meantime it's possible just to
gpg2 --dearmor $KEY.asc
gpgv2 --keyring $KEY.asc.gpg %{SOURCE1} ${SOURCE0}
> > The original draft does raise an interesting question — do we need to
> > put the upstream PGP key directly into the package git tree instead of
> > the lookaside cache?
> IMHO this makes it easier to manage, since one can just use fedpkg
> new-sources for the new tarball and signature without making sure that
> the key stays in the sources file.
And less chance of the key being changed.
--
dwmw2
smime.p7s
Description: S/MIME cryptographic signature
-- devel mailing list [email protected] http://lists.fedoraproject.org/admin/lists/[email protected]
