On Wed, 7 Dec 2016 11:44:11 +0100
Bennett Piater <benn...@piater.name> wrote:
> Maybe giving a warning ("source authenticity was not verified due to
> lack of GPG signature") would work?
I find this a great idea.
It's transparent, and this way people get frequently reminded about that
security issue.
Or like sivmu said:
> A big fat warning about missing validation should automatically be
> generated in any package that misses signatures or at least https source
> downloads.
Regards,
Merlin
--
Merlin Büge <t...@bluenox07.de>
