[arch-general] Severity of Failed checksum for PKGBUILD
Anatol Pomozov
anatol.pomozov at gmail.com
Fri Feb 20 08:50:33 UTC 2015
Hi
On Thu, Feb 19, 2015 at 2:24 PM, Lukas Jirkovsky <l.jirkovsky at gmail.com> wrote:
> On 19 February 2015 at 21:42, Doug Newgard <scimmia at archlinux.info> wrote:
>> You can't. If upstream provides a checksum, that gives you some verification,
>> but since github doesn't, there's no way to verify any of it.
>
> I don't know about github, but with bitbucket the checksums of these
> generated tarballs may change occasionally as I had this issue with
> luxrender.
Any project that uses JGit (like Gerrit used by chromium) has this
problem as well.
https://bugs.eclipse.org/bugs/show_bug.cgi?id=445819
> However, the sources were always the same, it was the
> metadata that changed.
More information about the arch-general
mailing list