[arch-general] Stronger Hashes for PKGBUILDs
Chris Tonkinson
chris at tonkinson.com
Sat Dec 3 15:54:16 UTC 2016
> if an upstream does not sign the files, does not have https enabled, and/or refuses to take security and privacy seriously, sha512 must be used in the PKGBUILD files.
Then
1) you could argue our using SHA512 is meaningless, but
2) it doesn't matter; we should still be doing the Right™ thing.
-Chris Tonkinson