[arch-general] Integrating Virus Scanning for Packages Handled by Pacman

Christian Hesse list at eworm.de
Thu Apr 25 06:00:09 EDT 2013


Denis A. Altoé Falqueto <denisfalqueto at gmail.com> on Wed, 2013/04/24 17:18:
> I would say that the best way to assure you're using the correct file,
> as intended by the original developers, is to use digital signatures
> to check the sources. Not all projects sign their releases, but for
> those who do, you can use makepkg's support for GPG signature
> checking.

I do know some projects which sign their packages buy Arch PKGBUILDs do not
use them. Package 'postfix' is an example. Do the developers want bug reports
about that?
-- 
main(a){char*c=/*    Schoene Gruesse                         */"B?IJj;MEH"
"CX:;",b;for(a/*    Chris           get my mail address:    */=0;b=c[a++];)
putchar(b-1/(/*               gcc -o sig sig.c && ./sig    */b/42*2-3)*42);}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20130425/bc3790e9/attachment-0001.asc>


More information about the arch-general mailing list