> > Allan has already declared that he will not change the default > makepkg.conf, on the grounds that #2 is the most likely scenario for > people getting malicious packages. > He also wants everyone to know that updpkgsums and makepkg are perfectly > okay with maintainers changing the defaults, people who don't know there > are defaults to change are probably not your best bet security-wise, and > the only real security is either PGP or strong checksums posted by > upstream on a second website. > Also, that changing the defaults will encourage a false sense of > security when people think that checksums have any validity in > authentication. > The only change I can think of would be some way for the PKGBUILD to distinguish between "official" checksums (to defend against all cases) and "unofficial" checksums (to defend against #1 and #3). But that's a matter for arch-dev-public.
