[pacman-dev] makepkg integrity check patches
louipc.ist at gmail.com
Thu May 6 13:49:22 CEST 2010
On Thu 06 May 2010 12:58 +0200, Xavier Chantry wrote:
> On Thu, May 6, 2010 at 12:50 PM, Loui Chang <louipc.ist at gmail.com> wrote:
> > This relates to package integrity. I guess I mean to present the odd
> > possibility where you trust the person who signed the package, but the
> > it hasn't even passed basic integrity checks.
> > I guess the debate is convenience versus correctness really.
> No, it's not, we want both.
> default behavior -> correctness
> non-default behavior for people who know what they are doing -> convenience
> Very much like pacman -Sd / -Sf as Allan already said multiple times.
As for analogies, I'm thinking it's more like an option for an HTML
generator to produce flawed markup to display nicely in a crappy
browser. Supporting bad behaviour is bad.
> > I can understand if someone may value the convenience more, but I
> > contend that the gained convenience is not particularly valuable after
> > all, can be obtained in other ways, and should not be put into the
> > official tools at the potential sacrifice of correctness.
> The only sacrifice we will make is packagers who dare sharing a
> pkgbuild with wrong checksums.
> Allan told me he will burn them all on the public place.
Hah. I think he said that he does share them.
Anyways. I do at least believe it should be possible to do
programmatically, thus makepkg should provide the functions for
skipinteg. Maybe it could be a hidden, undocumented option.
I'd be a lot more comfortable with that.
More information about the pacman-dev