David Woodhouse wrote:
> Our packaging guidelines really ought to mandate that *if* upstream
> publishes GPG or PKCS#7/CMS signatures of source tarballs, then the
^
and if the upstream tarball can legally be redistributed as is
> package *must* verify those signatures as part of %prep.
If we need to repackage the tarball to remove patent-encumbered or otherwise
illegal or non-redistributable files, we cannot do this.
Kevin Kofler
--
devel mailing list
[email protected]
http://lists.fedoraproject.org/admin/lists/[email protected]
