From mboxrd@z Thu Jan  1 00:00:00 1970
From: Arun Isaac <arunisaac@systemreboot.net>
Subject: Re: Packaging packages with GPG signed source archives
Date: Thu, 01 Sep 2016 00:07:56 +0530
Message-ID: <cu7k2ewpywr.fsf@systemreboot.net>
References: <cu7d1kpv6qc.fsf@systemreboot.net> <87oa49crz1.fsf@gmail.com>
	<cu7shtlz8eq.fsf@systemreboot.net> <20160831172204.GB28096@jasmine>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha256; protocol="application/pgp-signature"
Return-path: <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:51331)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <arunisaac@systemreboot.net>) id 1bfAP4-0003Sm-SZ
	for help-guix@gnu.org; Wed, 31 Aug 2016 14:38:27 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <arunisaac@systemreboot.net>) id 1bfAP0-0001eQ-NP
	for help-guix@gnu.org; Wed, 31 Aug 2016 14:38:25 -0400
Received: from [117.218.232.8] (port=48934 helo=systemreboot.net)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <arunisaac@systemreboot.net>) id 1bfAP0-0001eK-50
	for help-guix@gnu.org; Wed, 31 Aug 2016 14:38:22 -0400
Received: from [61.3.31.129] (helo=steel) by systemreboot.net with esmtpsa
	(TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.87)
	(envelope-from <arunisaac@systemreboot.net>) id 1bfAOv-0005k5-SQ
	for help-guix@gnu.org; Thu, 01 Sep 2016 00:08:18 +0530
In-reply-to: <20160831172204.GB28096@jasmine>
List-Id: <help-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-guix>,
	<mailto:help-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/help-guix/>
List-Post: <mailto:help-guix@gnu.org>
List-Help: <mailto:help-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-guix>,
	<mailto:help-guix-request@gnu.org?subject=subscribe>
Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org
Sender: "Help-Guix" <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
To: help-guix <help-guix@gnu.org>

--=-=-=
Content-Type: text/plain


> Does Parabola have some sort of keyring that all the upstream keys go
> into? Or did I misinterpret your suggestion? I'm not familiar with the
> Parabola package management system.

No, Parabola does not collect upstream keys into any centralized keyring.

When you are building a package from source, the Parabola build system
verifies the GPG signature of the source archive if the developer's key
is in your keyring. Else, it raises an error and asks you to get the
required key manually. There is also an option that tells the build
system to automatically fetch the key if it is not in your keyring.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXxyQEAAoJEC4l7othgCuza1MH/Rrim6zBeCWlBTgeHPwzidqf
rkc6fERvPYHhysWd0PXUJEyTZ3D5Er8Ndem/Lw3WENaNcvLND3eAh8F4kmIoLbHZ
szrnbNQuhUCfNU3SiH24KwtTImkwr8hDukH8XcOP0kyHsCNtUU/Z/N6oMhhjJxX4
zDJTy1Vdn3qPZHRmhBH0V8yCYs/TvbaK0eceq3tw3tloOUk66IDvj4oSJhpwXvO2
qtPRsBgMk3uvHNOawflZFCEPIwgcHL1Y2UZc+Aamgcmx0tnXRgdQUIv+Ty+Pl2Dw
Pny2IDFi778sQbykgkDiof1acanx5nHYW4qw6UMUBwhDM5e9kEHi7vzmdMlRSMI=
=4wK1
-----END PGP SIGNATURE-----
--=-=-=--