Does the source package (i.e. the tar.gz from upstream) has to be signed by the developer?
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Security of upstream tarballs / pgp keys? | 17 | 368 | April 12, 2024 | |
| What is the best way to package a sub dir of a github repo | 7 | 164 | October 11, 2024 | |
| RFC: What you don't like about RPM packaging? | 32 | 3593 | January 19, 2022 | |
| Verifying the authenticity of files uploaded to the lookaside cache | 14 | 542 | May 8, 2025 | |
| Looking for review for my first RPM package | 5 | 646 | March 28, 2019 |