Denis A. Altoé Falqueto <denisfalqueto@xxxxxxxxx> on Wed, 2013/04/24 17:18:
> I would say that the best way to assure you're using the correct file,
> as intended by the original developers, is to use digital signatures
> to check the sources. Not all projects sign their releases, but for
> those who do, you can use makepkg's support for GPG signature
> checking.
I do know some projects which sign their packages buy Arch PKGBUILDs do not
use them. Package 'postfix' is an example. Do the developers want bug reports
about that?
--
main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];)
putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);}
Attachment:
signature.asc
Description: PGP signature
