help-guix
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Packaging packages with GPG signed source archives


From: Arun Isaac
Subject: Re: Packaging packages with GPG signed source archives
Date: Thu, 01 Sep 2016 00:07:56 +0530
User-agent: mu4e 0.9.16; emacs 24.5.1

> Does Parabola have some sort of keyring that all the upstream keys go
> into? Or did I misinterpret your suggestion? I'm not familiar with the
> Parabola package management system.

No, Parabola does not collect upstream keys into any centralized keyring.

When you are building a package from source, the Parabola build system
verifies the GPG signature of the source archive if the developer's key
is in your keyring. Else, it raises an error and asks you to get the
required key manually. There is also an option that tells the build
system to automatically fetch the key if it is not in your keyring.

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]