On Thu 06 May 2010 12:58 +0200, Xavier Chantry wrote:
On Thu, May 6, 2010 at 12:50 PM, Loui Chang <louipc.ist@gmail.com> wrote:
This relates to package integrity. I guess I mean to present the odd possibility where you trust the person who signed the package, but the it hasn't even passed basic integrity checks.
I guess the debate is convenience versus correctness really.
No, it's not, we want both. default behavior -> correctness non-default behavior for people who know what they are doing -> convenience Very much like pacman -Sd / -Sf as Allan already said multiple times.
As for analogies, I'm thinking it's more like an option for an HTML generator to produce flawed markup to display nicely in a crappy browser. Supporting bad behaviour is bad.
I can understand if someone may value the convenience more, but I contend that the gained convenience is not particularly valuable after all, can be obtained in other ways, and should not be put into the official tools at the potential sacrifice of correctness.
The only sacrifice we will make is packagers who dare sharing a pkgbuild with wrong checksums. Allan told me he will burn them all on the public place.
Hah. I think he said that he does share them. Anyways. I do at least believe it should be possible to do programmatically, thus makepkg should provide the functions for skipinteg. Maybe it could be a hidden, undocumented option. I'd be a lot more comfortable with that.