[arch-general] Severity of Failed checksum for PKGBUILD
Mark Lee
mark at markelee.com
Thu Feb 19 22:46:32 UTC 2015
On 02/19/2015 05:24 PM, Lukas Jirkovsky wrote:
> On 19 February 2015 at 21:42, Doug Newgard <scimmia at archlinux.info> wrote:
>> You can't. If upstream provides a checksum, that gives you some verification,
>> but since github doesn't, there's no way to verify any of it.
>
> I don't know about github, but with bitbucket the checksums of these
> generated tarballs may change occasionally as I had this issue with
> luxrender. However, the sources were always the same, it was the
> metadata that changed.
>
How important are checksums to PKGBUILDs then? Should sources with
varying checksums just have 'SKIP' in their integrity arrays?
Regards,
Mark
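
The behaviour described in the quoted reply, as an added example that is not part of the original thread: two constructed tarballs holding identical files but carrying different regeneration timestamps hash differently as archives, while a digest over the unpacked file names and contents stays stable. The function names, sample files and timestamps are assumptions for illustration; the content digest is not a makepkg feature.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed sample source tree (not taken from any real project).
FILES = {
    "demo-1.0/main.c": b"int main(void) { return 0; }\n",
    "demo-1.0/README": b"constructed sample\n",
}

def make_tarball(files, mtime):
    """Build a .tar.gz in memory; mtime stands in for the time the host regenerated it."""
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w") as tar:
        for name in sorted(files):
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime = mtime              # per-member metadata
            tar.addfile(info, io.BytesIO(files[name]))
    out = io.BytesIO()
    with gzip.GzipFile(fileobj=out, mode="wb", mtime=mtime) as gz:  # gzip header metadata
        gz.write(raw.getvalue())
    return out.getvalue()

def archive_sha256(blob):
    """Digest of the archive bytes, which is what a sha256sums entry pins."""
    return hashlib.sha256(blob).hexdigest()

def content_sha256(blob):
    """Digest over (name, data) of regular files only; timestamps, owners and modes are ignored."""
    h = hashlib.sha256()
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for member in sorted(tar.getmembers(), key=lambda m: m.name):
            if not member.isfile():
                continue
            name = member.name.encode()
            data = tar.extractfile(member).read()
            # Length prefixes keep (name, data) pairs unambiguous.
            h.update(len(name).to_bytes(4, "big") + name)
            h.update(len(data).to_bytes(8, "big") + data)
    return h.hexdigest()

if __name__ == "__main__":
    first = make_tarball(FILES, 1424300000)    # constructed timestamps
    second = make_tarball(FILES, 1424400000)
    print("archive digests equal:", archive_sha256(first) == archive_sha256(second))
    print("content digests equal:", content_sha256(first) == content_sha256(second))
```

A content digest of this kind only shows that two downloads unpack to the same files; it says nothing about whether those files are what upstream intended to publish.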