verifying srpms vs rpms w/ gpg sig
Is there a difference between applying a gpg signature to srpms and rpms?
I believe I might be showing my ignorance w/ this question, but this IS the newbie forum.
If I compile the srpms can I then apply the gpg sig to it (the rpm sig)?
And lastly, --but most importantly, I'd like to know-- if the above is applicable to srpms as well as rpms, how do I check gpg sigs for a large cache of srpms?
Is there a way to check so that I don't have to go package by package?
If this question is too simple to answer then please direct me to where I can find the answer(s).
It's so frustrating to not even know how to properly frame the questions to those who have the answers.
This is a newbie forum.
Please stop the snobbery.
In a fit of frustration I am: