[arch-dev-public] git packages and checksums
Allan McRae
allan at archlinux.org
Sun Jul 19 06:21:32 UTC 2015
On 19/07/15 15:29, Gaetan Bisson wrote:
> [2015-07-19 06:52:39 +0200] Jerome Leclanche:
>> git tags can and should be pgp-signed, especially if the upstream is
>> relying purely on git for releases. Is any package not covered by
>> that?
>
> That would certainly be the ideal way of doing things but I don't
> believe pacman currently knows how to verify these.
>
I guess that would be easy to add into makepkg. Look at
scripts/libmakepkg/source/git.sh in the pacman.git tree...
A
More information about the arch-dev-public
mailing list