Doug Newgard <scimmia@xxxxxxxxxxxxxx> on Sun, 2015/01/04 16:03:
> On Sun, 4 Jan 2015 22:05:21 +0100
> Christian Hesse <list@xxxxxxxx> wrote:
>
> > Hello everybody,
> >
> > pacman 4.2.0 gained support for verifying source tarballs with
> > kernel.org style signature. Some (even essential) packages could
> > benefit from that, linux and git come to mind.
> >
> > How to handle this? Report a bug for every package? Provide a list
> > here?
>
> A lot of it is already happening:
> https://www.archlinux.org/todo/validpgpkeys-integrity-check/

This is about the validpgpkeys array. Glad to see this happen, but it is not
what I was speaking about: If the tar archive (instead of the compressed
archive) was signed, pacman < 4.2.0 could not check. That is why you cannot
find these with grep.

> If you want it added to a package that isn't on that list, the bug
> tracker is probably the best bet. Note that the linux package already
> has it.

Ah, I can see it on the website, but abs did not yet sync it. Thanks!
-- 
main(a){char*c=/* Best regards */"B?IJj;MEH"
"CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];)
putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);}