7 Dec 2016, 11:24 p.m.
On Wed, 7 Dec 2016 11:44:11 +0100 Bennett Piater <bennett@piater.name> wrote:
> Maybe giving a warning ("source authenticity was not verified due to lack of GPG signature") would work?
I find this a great idea. It's transparent, and this way people get frequently reminded about that security issue. Or like sivmu said:
> A big fat warning about missing validation should automatically be generated in any package that misses signatures or at least https source downloads.
Regards,
Merlin

--
Merlin Büge <toni@bluenox07.de>