Hi, On Monday, 2020-02-17 19:06:23 +0100, Luboš Luňák wrote: > And is there any worthwhile gain in insisting on using upstream tarballs? Reliable checksums and reproducible packaging. A responsible developer introducing a new tarball on the download server a) checks it against the official checksum after download b) creates the SHA256SUM of the file to use in download.lst Any repacking invalidates that, specifically on a developer's machine could introduce omissions or additions. Eike -- GPG key 0x6A6CD5B765632D3A - 2265 D7F3 A7B0 95CC 3918 630B 6A6C D5B7 6563 2D3A
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ LibreOffice mailing list LibreOffice@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/libreoffice