Thunderbird 78 is in the repos for quite some time now. Can anyone
please explain me what is the best way to use GPG now for email encryption?
I read that Archlinux aims to use the system wide gpg keyring instead of
thunderbirds builtin store. Is that still the case and is that
implemented yet? Th
On 7/8/20 9:14 PM, Filipe Laíns via arch-general wrote:
> On Wed, 2020-07-08 at 21:08 +0200, NicoHood wrote:
>> Hey guys,
>> i have recently received the attached email from a user. He cannot
>> install a package from me due to a GPG error. I have recently updated my
>>
ck.li wrote:
> Hi, sorry to bother you, I think that the signature on the snap-pac
> packet is expired or something similar, I'm getting this pacman error:
>
> error: snap-pac: signature from "NicoHood " is unknown
> trust
> :: File /var/cache/pacman/pkg/snap-pac
Thanks you two for adopting the packages!
On 8/27/19 11:18 AM, David Runge wrote:
> On 2019-08-27 09:39:11 (+0200), NicoHood wrote:
>> I maintain a few packages that I do not use anymore myself.
>> to orphan those, as I currently do not have time to test them,
>> especi
Hey guys!
I maintain a few packages that I do not use anymore myself. I would like
to orphan those, as I currently do not have time to test them,
especially on major version upgrades. I want to keep the quality of our
packages and hope that somebody else can take over the following
packages. Otherw
On 9/7/18 2:08 PM, Jeanette C. via arch-general wrote:
> Hey hey,
> I just tried to install gnupod-git from AUR and there is one unmet
> dependency not found by either pacman or through AUR: perl-date-parse .
>
> Short of building an AUR myself, is there something I could do?
>
> Best wishes,
>
nce of GPG or just never looked into it. Just a few refuse to use
GPG, leave that for now.
As additional support you can use the GPGit guides as well as the
automated (same named) GPGit tool: https://github.com/NicoHood/gpgit
It will help new users to understand GPG and provide them an eas
On 07/03/2017 12:21 AM, Morten Linderud wrote:
> On Mon, Jul 03, 2017 at 12:16:53AM +0200, NicoHood wrote:
>> On 07/03/2017 12:07 AM, Morten Linderud wrote:
>>> On Sun, Jul 02, 2017 at 11:55:35PM +0200, NicoHood wrote:
>>>> Yes the GPG signature of the tag comm
On 07/03/2017 12:07 AM, Morten Linderud wrote:
> On Sun, Jul 02, 2017 at 11:55:35PM +0200, NicoHood wrote:
>> Yes the GPG signature of the tag commit is checked. However you can
>> attack the git metadata and set a tag to a different commit. If this
>> commit is signed, but at
On 07/02/2017 11:38 PM, Eli Schwartz wrote:
> Let's make this clear: None of these claims are true! At all! Not even
> one of them!
You just say its not true, but that is wrong. I've wrote a statement for
every link he pointed out in which way it is valid or not.
> You have grabbed the troll ba
On 07/02/2017 11:05 PM, Martin Kühne via arch-general wrote:
> On Sun, Jul 2, 2017 at 10:39 PM, NicoHood wrote:
>> So why are we so resistant against those suggestions? Those are good and
>> valid, no matter who this guy is and how he interacts with people. From
>> the techn
On 07/02/2017 10:18 PM, Eli Schwartz via arch-general wrote:
> On 07/02/2017 04:12 PM, User via arch-general wrote:
>> Sébastien Luttringer,
>> https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/btrfs-progs&id=959539e1f7df15986f336bb03225ea796a44ca3e
>> ,
>> https://www.kern
On 12/26/2016 01:21 PM, Allan McRae wrote:
> On 26/12/16 22:12, NicoHood wrote:
>>
>>
>> On 12/16/2016 05:46 PM, Diego Viola via arch-general wrote:
>>> On Sat, Dec 3, 2016 at 3:27 AM, fnodeuser wrote:
>>>> https://lists.archlinux.org/pipermail
On 12/16/2016 05:46 PM, Diego Viola via arch-general wrote:
> On Sat, Dec 3, 2016 at 3:27 AM, fnodeuser wrote:
>> https://lists.archlinux.org/pipermail/arch-dev-public/2016-November/028492.html
>>
>> i have a few things to add to this.
>>
>> the message digests at the download page for the .iso
On 12/16/2016 09:59 AM, Levente Polyak wrote:
> On 12/16/2016 06:03 AM, Eli Schwartz via arch-general wrote:
>> On 12/15/2016 08:35 PM, fnodeuser wrote:
>>> what i said is that the users must check the integrity of the sources too.
>>> it is not something that only the package maintainers must do.
On 12/08/2016 03:14 PM, Bennett Piater wrote:
>>> Is there any voting system that we have so that we can also
>>> democratically vote for stronger hashes?
>>
>> The Arch developers decide this, not a democratically vote ;).
>
> Arch is not a democracy, that has been said many times.
>
That is tr
On 12/08/2016 01:34 AM, Allan McRae wrote:
> On 08/12/16 08:51, sivmu wrote:
>> Am 07.12.2016 um 10:49 schrieb Allan McRae:
...
I advocate keeping md5sum as the default because it is broken. If I see
someone purely verifying their sources using md5sum in a PKGBUILD (and
not pgp
On 12/07/2016 10:49 AM, Allan McRae wrote:
>
> I advocate keeping md5sum as the default because it is broken. If I see
> someone purely verifying their sources using md5sum in a PKGBUILD (and
> not pgp signature), I know that they have done nothing to actually
> verify the source themselves.
>
> I
27;ve already
uploaded parts of it).
Here is a tutorial how to setup gpg real quick and also a template to
ask upstream for GPG signatures. Any contributions appreciated.
https://github.com/NicoHood/NicoHood.github.io/wiki/How-to-sign-sources-with-GPG-in-under-5-minutes
https://github.com/NicoHood/
On 12/03/2016 07:21 PM, sivmu wrote:
>
>
> Am 03.12.2016 um 06:27 schrieb fnodeuser:
>
>>
>> if an upstream does not sign the files, does not have https enabled, and/or
>> refuses to take security and privacy seriously, sha512 must be used in the
>> PKGBUILD files.
>
> But using and hash va
20 matches
Mail list logo
