9 Feb
2024
9 Feb
'24
10:59 p.m.
Hello, If upstream provides signed sources it is conventional to check the signature of these sources for validity, following the RFC you have already linked in your email. If a user chooses to use an unsupported way of building packages, such as AUR helpers, this is not our concern and the user should be familiar with manual building of packages. I believe Kusoneko pretty much said the same thing, but I couldn't tell whether they were given a definite answer or "maybe, maybe not". TL;DR its up to you, but following official repositories is probably your best bet :) Take care, -- Polarian GPG signature: 0770E5312238C760 Website: https://polarian.dev JID/XMPP: polarian@icebound.dev