[arch-general] ensuring integrity of sources (was: [arch-dev-public] todo list for moving http -> https sources)
Bennett Piater
bennett at piater.name
Tue Nov 1 12:08:25 UTC 2016
> Any PKGBUILD kept in git can already optionally have this feature. See
> git-commit(1), specifically, its --gpg-sign option.
I know that, I have
[commit]
gpgsign = true
in my ~/.gitconfig.
It would be nice if more people did that and if makepkg checked that,
though.
It would probably be counter-productive to enforce it on the AUR through
a git hook, but maybe a warning or something?
I might post that to aur-general at some point.
Cheers,
Bennett
--
GPG fingerprint: 871F 1047 7DB3 DDED 5FC4 47B2 26C7 E577 EF96 7808
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 520 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20161101/d7fdb804/attachment.asc>
More information about the arch-general
mailing list