18 Jun
2013
18 Jun
'13
07:59
On Tuesday 2013-06-18 09:39, Stephan Kulow wrote:
I consider verifying the gpg signature in the spec file wasted time - at least if it's as expensive as it is, so the right way IMO is to integrate it into the source_validator.
There goes the benefit of validation... If it is not checked at build time, how is one supposed to know that the data committed to the srcserver is actually untampered.. A question for all the verification promoters ;-) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org