11 Dec
2016
7:46 p.m.
Hi,

you likely noticed the discussion about "Stronger Hashes for PKGBUILDs" on Arch general.

I wonder if there is any reason to avoid validpgpkeys for PKGBUILDs of the AUR?

https://aur.archlinux.org/packages/freetype2-infinality/ ?

If upstream, e.g. kernel.org, signs the source, then IMO nothing is wrong with including it in the PKGBUILD. I prefer signed sources. Actually this is done for at least linux.

$ grep validpgpkeys -A3 /var/abs/core/linux/PKGBUILD
validpgpkeys=(
              'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
              '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
             )

Regards,
Ralf
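A static audit of the two things the message relates, upstream signature files in source=() and the fingerprints pinned in validpgpkeys, as an added example that is not part of the original post. The sample PKGBUILD text, the example.org URLs and the function names are constructed for illustration; it assumes the makepkg conventions that signature sources end in .sig, .sign or .asc and that validpgpkeys entries are full, uppercase fingerprints, and it only handles plain `source=(...)` arrays.

```python
import re

# Constructed sample: a kernel-style PKGBUILD fragment using the two keys quoted in the post.
SAMPLE_PKGBUILD = """\
pkgname=linux
source=("https://example.org/linux-4.8.tar.xz"
        "https://example.org/linux-4.8.tar.sign")
validpgpkeys=(
  'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
  '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
)
"""

FULL_FPR = re.compile(r"[0-9A-F]{40}")   # full fingerprint, uppercase, no whitespace
SIG_EXT = (".sig", ".sign", ".asc")      # extensions makepkg treats as PGP signatures


def read_array(text, name):
    """Return the items of a simple `name=( ... )` bash array.
    Static parsing only: the PKGBUILD is never sourced or executed."""
    # Strip shell comments (a '#' at line start or after a blank), keeping URL fragments.
    text = re.sub(r"(?m)(?:^|(?<=[ \t]))#.*$", "", text)
    m = re.search(rf"^{name}=\((.*?)\)", text, re.S | re.M)
    if not m:
        return []
    items = re.findall(r"'([^']*)'|\"([^\"]*)\"|(\S+)", m.group(1))
    return [a or b or c for a, b, c in items]


def audit(text):
    """Return a list of findings about upstream signature checking in a PKGBUILD."""
    keys = read_array(text, "validpgpkeys")
    sources = read_array(text, "source")
    signed = [s for s in sources if s.split("#")[0].endswith(SIG_EXT)]
    findings = [f"malformed fingerprint: {k!r}" for k in keys
                if not FULL_FPR.fullmatch(k)]
    if signed and not keys:
        findings.append("signature in source=() but no validpgpkeys pin")
    if keys and not signed:
        findings.append("validpgpkeys set but no .sig/.sign/.asc source to verify")
    if not keys and not signed:
        findings.append("no upstream signature checked; integrity rests on checksums only")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_PKGBUILD) or "signature source and pinned keys look consistent")
```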