Germano Massullo wrote:
> VLC package shipped by RPMFusion is missing a chain of trust with
> upstream developers.
HTTP Source URLs are very common in packages (there are probably dozens of
upstreams still not even supporting HTTPS at all, or using a self-signed or
otherwise invalid certificate), and most upstreams do not sign their
releases at all. So why are you singling out VLC in particular? This is just
how things are in the real world, not much we as downstream can do about it.
Kevin Kofler
_______________________________________________
rpmfusion-developers mailing list -- rpmfusion-developers@lists.rpmfusion.org
To unsubscribe send an email to rpmfusion-developers-le...@lists.rpmfusion.org
