On Thu, May 6, 2010 at 12:50 PM, Loui Chang <[email protected]> wrote:
> This relates to package integrity. I guess I mean to present the odd
> possibility where you trust the person who signed the package, but
> it hasn't even passed basic integrity checks.
>
> I guess the debate is convenience versus correctness really.

No, it's not, we want both.
default behavior -> correctness
non-default behavior for people who know what they are doing -> convenience
Very much like pacman -Sd / -Sf as Allan already said multiple times.

> I can understand if someone may value the convenience more, but I
> contend that the gained convenience is not particularly valuable after
> all, can be obtained in other ways, and should not be put into the
> official tools at the potential sacrifice of correctness.

The only sacrifice we will make is packagers who dare to share a pkgbuild with wrong checksums. Allan told me he will burn them all on the public place.
Just like we would do with people that would send a pkgbuild with rm -rf / inside.
