On Thu, May 6, 2010 at 12:50 PM, Loui Chang <louipc.ist@gmail.com> wrote:
This relates to package integrity. I guess I mean to present the odd possibility where you trust the person who signed the package, but it hasn't even passed basic integrity checks.
I guess the debate is convenience versus correctness really.
No, it's not, we want both.

default behavior -> correctness
non-default behavior for people who know what they are doing -> convenience

Very much like pacman -Sd / -Sf, as Allan already said multiple times.
I can understand if someone may value the convenience more, but I contend that the gained convenience is not particularly valuable after all, can be obtained in other ways, and should not be put into the official tools at the potential sacrifice of correctness.
The only sacrifice we will make is packagers who dare to share a pkgbuild with wrong checksums. Allan told me he will burn them all in the public place. Just like we would do with people who would send a pkgbuild with rm -rf / inside.