[arch-general] ensuring integrity of sources (was: [arch-dev-public] todo list for moving http -> https sources)

[Eli Schwartz]

On 10/31/2016 07:35 PM, Leonid Isaev wrote:
> Regarding checksums, how did a dev know that upstream sources are authentic?

Personally, I check the upstream sources of stuff I publish to the AUR.
I maintain an additional *-git package for anything that makes sense
that way, so it is easy to diff/log.

-- 
Eli Schwartz