On 02/19/2015 05:24 PM, Lukas Jirkovsky wrote: > On 19 February 2015 at 21:42, Doug Newgard <scimmia@xxxxxxxxxxxxxx> wrote: >> You can't. If upstream provides a checksum, that gives you some verification, >> but since github doesn't, there's no way to verify any of it. > > I don't know about github, but with bitbucket the checksums of these > generated tarballs may change occasionally as I had this issue with > luxrender. However, the sources were always the same, it was the > metadata that changed. > How important are checksums to PKGBUILDS then? Should sources with varying checksums just have 'SKIP' in their integrity arrays? Regards, Mark
