Source: libsodium Version: 1.0.18-1 Severity: wishlist -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi, d/watch currently downloads sources from libsodium's GitHub repository, while the recommended source is download.libsodium.org. As the libsodium website contains signed tarballs, I believe it should be appropriate for this package to use them, also because security is especially relevant to this package. I've also reported this on https://github.com/gcsideal/debian- libsodium/issues/5 If you'd like to receive help with the libsodium package I'd be happy to lend a hand; I really like the library! Thanks :) - -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 5.19.0-1-amd64 (SMP w/4 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -----BEGIN PGP SIGNATURE----- iIoEARYIADIWIQS6VuNIvZRFHt7JcAdKkgiiRVB3pwUCYyyXKBQcYW5kcmVhQHBh cHBhY29kYS5pdAAKCRBKkgiiRVB3p9ALAQCIpF+iJKxZ1oSqCZUIJ7nf72wE+XUj 4YwRCa2NTrN90AEA+D/0n+spkD2AZPc9fUY9nUVStikGyMlUvBNFDsTBIgY= =Zfz2 -----END PGP SIGNATURE-----