[arch-dev-public] git packages and checksums

Gaetan Bisson bisson at archlinux.org
Sun Jul 19 05:29:28 UTC 2015

[2015-07-19 06:52:39 +0200] Jerome Leclanche:
> git tags can and should be pgp-signed, especially if the upstream is
> relying purely on git for releases. Is any package not covered by
> that?

That would certainly be the ideal way of doing things but I don't
believe pacman currently knows how to verify these.



More information about the arch-dev-public mailing list