2 Jul
2017
2 Jul
'17
11:20 p.m.
(Mon, Jul 03, 2017 at 01:06:04AM +0200) Morten Linderud :
At this point we can't trust the trusted users to build and verify the correct packages, let alone maintaine a safe infrastructure to build packages. This is a slippery slope, and i really fucking hope this isn't a serious issue any devs or TUs are afraid of.
I didn’t imply that, but it’s easy to rely on the "gpg check" to skip other checks. I never faced the problem, but right out of my mind I don’t know how to download a git project archive and check easily that I got the correct tag. -- Ismael