8 Dec 2016, 12:24 a.m.
On Wed, 7 Dec 2016 11:44:11 +0100 Bennett Piater <bennett@piater.name> wrote:
> Maybe giving a warning ("source authenticity was not verified due to lack of GPG signature") would work?
I find this a great idea. It's transparent, and this way people get frequently reminded about that security issue. Or like sivmu said:
> A big fat warning about missing validation should automatically be generated in any package that misses signatures or at least https source downloads.
Regards,
Merlin

--
Merlin Büge <toni@bluenox07.de>