Store PGP keys for source file signatures alongside PKGBUILDs

added 1 commit

225b25fa - Store PGP keys for source file signatures in SVN

This RFC would be a great addition, as I have adopted more than a few packages that require PGP key(s) that are not listed anywhere (given that the SKS keyservers are essentially dead).

I'm fine with this IF it is fully automated in some fashion. Still, it would be the maintainer's job to validate whatever the automation does, including revoked/expired keys, etc. But, since we're going this way, why not embed the keys inside the PKGBUILD itself?

added 1 commit

5822a622 - Store PGP keys for source file signatures in SVN

Compare with previous version

changed title from Store PGP keys for source file signatures in SVN to Store PGP keys for source file signatures alongside PKGBUILDs

resolved all threads

approved this merge request

I personally use this kind of setup for a while now, where there is an extra file validpgpkeys.asc which contains the keys that can sign a release.

I would also rather prefer a single *.asc file over a couple of random asc files next to the PKGBUILD

But anyway it goes I like the idea

approved this merge request

mentioned in merge request devtools!98 (merged)

resolved all threads

added 3 commits

5822a622...28987353 - 2 commits from branch archlinux:master
5f82334e - Store PGP keys for source file signatures in SVN

Compare with previous version

merged

Admin message

Store PGP keys for source file signatures alongside PKGBUILDs

Merge request reports

Activity