On Thu, Sep 06, 2012 at 11:28:17AM +0200, Michael Schroeder wrote:
On Thu, Sep 06, 2012 at 11:24:38AM +0200, Ludwig Nussel wrote:
I wonder whether this could be integrated in rpm directly. Something like
Keys: keys.asc Source0: http://www.foo.bar/%name-%version.tar.bz2 Signature0: http://www.foo.bar/%name-%version.tar.bz2.asc
Then rpm (or the download_url servie) could check the signatures automatically.
Signatures in the spec files (be it gpg signatures ore checksums) were discussed on the rpm list some years ago, but nothing happened. Maybe it's time to start that discussion again.
Hallo, thanks for the feedback. I thing Ludwig's idea is more flexible, than ours. And having it in upstream is awesome - on the other hand we should not wait on upstream and accept our own macro-based approach before this will be done in upstream. The change to upstream approach will be trivial then. Ludwig want to meet at openSUSE conference to discuss it. I asked Michal Hrusecky and there are free Ad-Hoc rooms on Monday and Tuesday. Unfortunatelly the schedule is still not public, so we need to wait till it will be public to find a reasonable time for everyone. Regards Michal Vyskocil