[aur-general] Discussion about AUR packages signing

Ralf Mardorf info.mardorf at rocketmail.com
Fri Aug 8 03:43:53 EDT 2014

In the past, what packages provided by AUR needed signing, because after
uploading somebody manipulated the packages? AFAIK https for the AUR
downloads and checksums for the upstream downloads in the past didn't
cause that often serious trouble, IIRC it usually was safe.

Is there such a security mechanism, if we build from ABS?

More information about the aur-general mailing list