Re: Firefox without signature checking

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

>
> >> But I also have to with a source-package since I won't check the
> >> sources with each release ;)
> >
> > Which is plain stupid.
>
> How is that stupid?  Do you check the sources with each release?  *How*
> do you perform those checks?
>

Perhaps there's a misunderstanding here. Not checking at least the PKGBUILD
on each rebuild *would* be reckless at best and plain stupid at worst, but
that's not what you suggested. Assuming trust in the upstream, I don't see
too big an issue with simply asserting that the PKGBUILD pulls the source
from the right place over an authenticated channel (i.e. HTTPS) and doesn't
do anything weird in the build functions.

>
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux