On 08/08/14 02:53 AM, Martti Kühne wrote:
> On Fri, Aug 8, 2014 at 8:35 AM, Fabien Dubosson
> wrote:
>> [...]
>>
>> But it has not the same meaning. Maintainer's name gives me the
>> information that I am installing a package that claims to be provided by
>> this maintainer, or uploaded with this
In the past, what packages provided by AUR needed signing, because after
uploading somebody manipulated the packages? AFAIK https for the AUR
downloads and checksums for the upstream downloads in the past didn't
cause that often serious trouble, IIRC it usually was safe.
Is there such a security m
> I love that I can make changes and proceed doing so in the course of
> building and installing a PKGBUILD from the AUR. So the PKGBUILDs I
> usually install aren't cryptographically similar to the package AUR
> would provide, deeming any cryptographic signing mechanism useless.
The idea of signi
On 08/08/14 03:43 AM, Ralf Mardorf wrote:
> In the past, what packages provided by AUR needed signing, because after
> uploading somebody manipulated the packages? AFAIK https for the AUR
> downloads and checksums for the upstream downloads in the past didn't
> cause that often serious trouble, IIR
On Fri, 2014-08-08 at 09:46 +0200, Fabien Dubosson wrote:
> It would only check that the `*.tar.gz` you received from AUR has been
> signed by the maintainer
The tar archives from https://www.kernel.org are signed. Is it really
needed for AUR? Btw. I several years build kernels without checking th
=== Signoff report for [community-testing] ===
https://www.archlinux.org/packages/signoffs/
There are currently:
* 2 new packages in last 24 hours
* 0 known bad packages
* 0 packages not accepting signoffs
* 0 fully signed off packages
* 16 packages missing signoffs
* 0 packages older than 14 days
The maintainer switched to GIT only so I renamed the package.
Please delete: https://aur.archlinux.org/packages/kdestyle-kvantum-kde4/
Thanks,
Andy
On 08/08, sxe wrote:
> The maintainer switched to GIT only so I renamed the package.
> Please delete: https://aur.archlinux.org/packages/kdestyle-kvantum-kde4/
Requests are sent from the AUR web interface now. Log into the AUR, go
to the package's page and click 'File request' in the action box t
On Fri, 08 Aug 2014 at 10:02:30, Daniel Micay wrote:
> On 08/08/14 03:43 AM, Ralf Mardorf wrote:
> > In the past, what packages provided by AUR needed signing, because after
> > uploading somebody manipulated the packages? AFAIK https for the AUR
> > downloads and checksums for the upstream downloa