[arch-dev-public] git packages and checksums

Allan McRae allan at archlinux.org
Sun Jul 19 06:21:32 UTC 2015

On 19/07/15 15:29, Gaetan Bisson wrote:
> [2015-07-19 06:52:39 +0200] Jerome Leclanche:
>> git tags can and should be pgp-signed, especially if the upstream is
>> relying purely on git for releases. Is any package not covered by
>> that?
> That would certainly be the ideal way of doing things but I don't
> believe pacman currently knows how to verify these.

I guess that would be easy to add into makepkg.  Look at
scripts/libmakepkg/source/git.sh in the pacman.git tree...


More information about the arch-dev-public mailing list