[aur-general] pcb-rnd-svn first package

pcb-rnd at cuvoodoo.info pcb-rnd at cuvoodoo.info
Thu Jul 22 12:54:18 UTC 2021


On Thu, Jul 22, 2021 at 02:45:38PM +0200, Marcin Wieczorek wrote:
> Also I noticed that the signatures are broken (0 byte files). I don't
> think it even is PGP. In case you ever contact the upstream make sure to
> mention this and the fact that they should have https.
> I'm not sure about that tho, because the authors seem to negate the
> value of HTTPS or at least point out "false sense of security".
> http://repo.hu/cgi-bin/pool.cgi?cmd=show&node=https

I already pointed out that some .asc are missing or empty.
That should be fixed in the next release according to the author.

As for HTTPS, I also discussed it with the author on IRC, and the HTTP choice is deliberate because the "false" security feeling HTTPS provides is not worth the effort, and he prefers pointing out the anchor of trust issue (as you found in the article).

Also, the signatures provided on the release page only use X.509 certificates.
AFAICS only GPG signatures are supported by PKGBUILD.
This is why I did not include the signatures.

