[aur-general] Discussion about AUR packages signing
fabien.dubosson at gmail.com
Mon Aug 11 04:06:59 EDT 2014
> On a side note, with the release of AUR 4.0.0, we are no longer going
> to use source tarballs. Every source package will have its own Git
> repository and you can use signed tags or signed commits.
Actually that is more than a side note, that answers my main concern.
Glad to hear that it would be possible to ensure end-to-end verification
in a future AUR version.
Just curious, do you have an idea of the planning of 4.0.0 release?
(Very roughly: 6 months, 1 year, more?)
> So I think it is kind of pointless to discuss signed source tarballs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 801 bytes
Desc: not available
More information about the aur-general