https://bugzilla.redhat.com/show_bug.cgi?id=1713767
--- Comment #15 from Richard W.M. Jones <rjo...@redhat.com> --- > · Would it be possible to provide a URL to the keyring? Use HTTPS if at all > possible. Then anyone can verify that the keyring in the package is the same > as upstream. (The build would of course still use the keyring in the Git > repository.) It's been on my to-do list for a long time to set up letsencrypt on http://libguestfs.org but I haven't got around to it yet. However in this case the key is available from your favourite GPG keyserver: https://pgp.key-server.io/pks/lookup?search=rjones%40redhat.com&fingerprint=on&op=vindex and you can verify it by doing: $ gpg2 -k --fingerprint --homedir=`pwd` --keyring=libguestfs.keyring Please ignore the revoked key at the first link. A few years ago to prove some point someone generated a bunch of keys of open source software developers with colliding 32 bit IDs. The correct key has fingerprint F777 4FB1 AD07 4A7E 8C87 67EA 9173 8F73 E1B7 68A0. > · lib/nbd-protocol.h has a BSD license, so I think the license tag for the > library becomes "LGPLv2+ and BSD". I'm not clear if the License field refers to the source or the binary, but if it refers to the binary then the license is LGPLv2+, but if it's for the source then it's mixed as you say. > · The license tag of libnbd-devel should include the license of the examples. > At the moment I'm not sure what to call that license. It's intended to be as close to public domain as possible. Will fix the other things and post a new link soon. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org