> 2) Sign stuff manually using SHA512sum and openssl's whirlpool (see my
> PKGBUILDs for an example of this fail-safe); and import any GPG
> signatures from upstream as needed, adding them to validpgpkeys field
> for GPG verification.

Fix the tools so no manual work is needed here.

> 3) Sign the PKGBUILD with GPG:
> gpg --default-key [YOURKEYID] -b PKGBUILD

Another manual step; also puts non-source files in the git repo. No code review is in this procedure.
_______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
