19 Jul
2015
19 Jul
'15
6:21 a.m.
On 19/07/15 15:29, Gaetan Bisson wrote:
[2015-07-19 06:52:39 +0200] Jerome Leclanche:
git tags can and should be pgp-signed, especially if the upstream is relying purely on git for releases. Is any package not covered by that?
That would certainly be the ideal way of doing things but I don't believe pacman currently knows how to verify these.
I guess that would be easy to add into makepkg. Look at scripts/libmakepkg/source/git.sh in the pacman.git tree... A