On 10/14/18 7:16 PM, Levente Polyak via aur-general wrote:
On 10/14/18 11:35 PM, Daniel Bermond via aur-general wrote:
I usually don't use pgp on my aur packages because people tend to complain a lot about building issues. They fail to handle the keys and start complaining to the packager, and this is a big stress. When dealing with repository packages this is another story, of course. Since this was raised as a main issue, I'll be adding the pgp checks back again.
So let me summarize what you are saying, correct me if im wrong:
You fully know whats all the gizzle with gpg. Instead of acting like a trustable user who follows best practice and spreads good advice and helps teaching people about how all this works properly you prefere to pull the lazy card because its what? big stress? Serious? I don't even find words to describe how untrustworthy this is to the community to prefer to remove GPG signatures instead of educating users?
PS: Did you hear of pinned comments?
WOW I'm speechless at best. Sorry then. I'll be using gpg checks whenever it's available from now on.
-- Best regards, Daniel Bermond