3 Dec
2016
3 Dec
'16
3:54 p.m.
if an upstream does not sign the files, does not have https enabled, and/or refuses to take security and privacy seriously, sha512 must be used in the PKGBUILD files.
Then 1) you could argue our using SHA512 is meaningless, but 2) it doesn't matter; we should still be doing the Right™ thing. -Chris Tonkinson