Verify upstream sources with GPG
This is now a recommended thing to do: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_verification Regardless if it adds actual security, it should prevent problems like this one: https://mail.python.org/archives/list/python-dev@python.org/message/OYNQS2BZYABXACBRHBHV4RCEPQU5R6EP/
This commit is contained in:
Miro Hrončok
parent
428ef5ba1a
commit
a4690dd7f0
3 changed files with 11553 additions and 3 deletions
1
sources
1
sources
|
|
@ -1 +1,2 @@
|
|||
SHA512 (Python-3.6.9.tar.xz) = 05de9c6f44d96a52bfce10ede4312de892573edaf8bece65926d19973a3a800d65eed7a857af945f69efcfb25efa3788e7a54016b03d80b611eb51c3ea074819
|
||||
SHA512 (Python-3.6.9.tar.xz.asc) = 0603d73dfea181486c56f547a62610d214338068c567d02d381f8ada8189d83831b239188b2f6cf70c7dbb3a88cb7bf7455ecd1c5025e46687dfbe422c2d3809
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue