[arch-general] Sébastien Luttringer and Tobias Powalowski

Ismael Bouya ismael.bouya at normalesup.org
Sun Jul 2 23:20:58 UTC 2017


(Mon, Jul 03, 2017 at 01:06:04AM +0200) Morten Linderud :
> At this point we can't trust the trusted users to build and verify the
> correct packages, let alone maintain a safe infrastructure to build
> packages. This is a slippery slope, and I really fucking hope this
> isn't a serious issue any devs or TUs are afraid of.

I didn’t imply that, but it’s easy to rely on the "gpg check" to skip
other checks.

I never faced the problem, but right out of my mind I don’t know how to
download a git project archive and check easily that I got the correct
tag.

-- 
Ismael