Re: [arch-general] Stronger Hashes for PKGBUILDs

Am 05.12.2016 um 23:45 schrieb Eli Schwartz via arch-general: > On 12/05/2016 05:25 PM, sivmu wrote: >> A LOT of packages do not use pgp validation even though upstream >> provides signatures. That is the real issue here. >> >> Let me say this again: everyone who is responsible for arch packages

Re: [arch-general] Installation: How to get HDD > LUKS > GPT working in a clean way

Hi Paul, > If another opinion helps, I've done some funky disk layouts at various > times, and I also think that if you need partitioning above the LUKS layer, > you'd do better to use LVM than GPT. GPT is intended to be used at the > lowest level of the stack, whereas LVM is well-supported at

Re: [arch-general] Stronger Hashes for PKGBUILDs

On 12/05/2016 05:25 PM, sivmu wrote: > A LOT of packages do not use pgp validation even though upstream > provides signatures. That is the real issue here. > > Let me say this again: everyone who is responsible for arch packages > needs to be clearly advised to use all available methods to

Re: [arch-general] Stronger Hashes for PKGBUILDs

Am 05.12.2016 um 21:50 schrieb Eli Schwartz via arch-general: > On 12/05/2016 02:56 PM, sivmu wrote: >> Am 04.12.2016 um 05:37 schrieb Maxwell Anselm via arch-general: You mean the source files that you downloaded and then hashed... >>> >>> Yes. If the source files are being modified via a

Re: [arch-general] Stronger Hashes for PKGBUILDs

> > Allan has already declared that he will not change the default > makepkg.conf, on the grounds that #2 is the most likely scenario for > people getting malicious packages. > He also wants everyone to know that updpkgsums and makepkg are perfectly > okay with maintainers changing the defaults,

Re: [arch-general] Stronger Hashes for PKGBUILDs

On 12/05/2016 02:56 PM, sivmu wrote: > Am 04.12.2016 um 05:37 schrieb Maxwell Anselm via arch-general: >>> You mean the source files that you downloaded and then hashed... >> >> Yes. If the source files are being modified via a MITM attack (which is >> trivial if the host uses HTTP) the checksum

Re: [arch-general] Stronger Hashes for PKGBUILDs

Am 04.12.2016 um 05:37 schrieb Maxwell Anselm via arch-general: >> >> You mean the source files that you downloaded and then hashed... >> > > Yes. If the source files are being modified via a MITM attack (which is > trivial if the host uses HTTP) the checksum is still useful. > The checksum

[arch-general] [Classroom] Getting Started with Arch Linux Package Building

New Class, "Getting Started with Arch Linux Package Building" The class will be held on Sunday, Dec 11th at 19:00 UTC in #archlinux-classroom on irc.freenode.net. It is taught by meskarune and halosghost. This class will give you the understanding and resources to read, edit and write your

Re: [arch-general] minidlna problems

Thank You for trying to help me, but it's not been VLC which caused the problems. Also, I found some notice about VLC 2.0 not working, seems it has been fixed already. Kind regards Peter Am 04.12.2016 um 19:55 schrieb SET: Le dimanche 4 décembre 2016 17:17:02 CET Mike Cloaked via

Re: [arch-general] minidlna problems

Thank You - I must admit that my firewall settings have been incorrect, though I've been sure I did change them, but obviously I didn't save them or sth. else ... Kind regards Peter Am 04.12.2016 um 18:17 schrieb Mike Cloaked via arch-general: On Sun, Dec 4, 2016 at 4:19 PM, Peter Nabbefeld

Re: [arch-general] Installation: How to get HDD > LUKS > GPT working in a clean way

On 2 December 2016 at 22:29, Merlin Büge wrote: >> Personally, I'd rather modify the start-up process a tiny bit so that >> GPT inside LUKS gets parsed. I just try to strip off unnecessary >> 'overhead' / layers of my system. > If you have 8 GiB or more and not hibernating,