Denis A. AltoƩ Falqueto <denisfalqu...@gmail.com> on Wed, 2013/04/24 17:18: > I would say that the best way to assure you're using the correct file, > as intended by the original developers, is to use digital signatures > to check the sources. Not all projects sign their releases, but for > those who do, you can use makepkg's support for GPG signature > checking.
I do know some projects which sign their packages buy Arch PKGBUILDs do not
use them. Package 'postfix' is an example. Do the developers want bug reports
about that?
--
main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];)
putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);}
signature.asc
Description: PGP signature
