On 05/12, Marc Lehmann wrote:
> Actually, from the reference you provide, this seems to be exactly _not_
> the case. I'm certainly no expert in arch packaging, but it looks as if
> the arch package needs to explicitly add any gnupg signature files to the
> source array, otherwise they wouldn't be
For clarity,
On 05/11, Marc Lehmann via arch-general wrote:
> He replied that the arch build system automatically treats all .sig files
> as gpg signatures, and that this can't be switched off; that the signature
> for http://dist.schmorp.de/liblzf/liblzf-3.6.tar.gz does not verify, and
> claimed
On 08/08, Geo Kozey via arch-general wrote:
> There is no tradition in Arch to self-host package sources as Debian does
> unless upstream has completely broken release process. This can impose
> security risks on Arch as we now have to trust their github infra rather
> than kernel.org (we all
On 08/01, Andrey Vihrov via arch-general wrote:
> - Previously the list of applied patches was very transparent. You could
> immediately see that the kernel and kernel patch tarballs come from
> kernel.org, and view individual extra patches. Now the code comes from a
> non-kernel source, and
4 matches