Stanislav Brabec wrote:
I just implemented signature verification for all packages, that already contained signature and/or trusted keyring. But I did not verify, that signature submitted by packagers is the signature of the real author.
Just a hint for people, who got one of these request: If you want to build package for older SUSE versions and don't want to link or aggregate gpg-offline to your devel projects nor use ugly prjconf trick, feel free to add %if statements to your spec file. Example: Source2. %{name}.keyring +%if 0%{?suse_version} > 1220 BuildRequires: gpg-offline +%endif ... %prep +%if 0%{?suse_version} > 1220 %gpg_verify %{S:1} +%endif %setup -q -- Best Regards / S pozdravem, Stanislav Brabec software developer --------------------------------------------------------------------- SUSE LINUX, s. r. o. e-mail: sbrabec@suse.cz Lihovarská 1060/12 tel: +49 911 7405384547 190 00 Praha 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org