(Mon, Jul 03, 2017 at 01:06:04AM +0200) Morten Linderud : > At this point we can't trust the trusted users to build and verify the > correct packages, let alone maintaine a safe infrastructure to build > packages. This is a slippery slope, and i really fucking hope this > isn't a serious issue any devs or TUs are afraid of. I didn’t imply that, but it’s easy to rely on the "gpg check" to skip other checks. I never faced the problem, but right out of my mind I don’t know how to download a git project archive and check easily that I got the correct tag. -- Ismael
Attachment:
signature.asc
Description: PGP signature
