[Exherbo-dev] [Exherbo Security] Package Distfile Signing Proposal

Jason A. Donenfeld Jason at zx2c4.com
Thu May 10 14:43:55 UTC 2012

On Thu, May 10, 2012 at 3:44 PM, Julien Pivotto <roidelapluie at gmail.com> wrote:
> Indeed. But I can't not imagine something like:
> CHECKSUMS="${MY_PNV}.tar.gz 098f6bcd4621d373cade4e832627b4f6"

What's so bad about that? Every time the package is bumped, the maintainer
makes sure to check if his tarball is trojan'd, and if not, put in the
proper sha1 sum to that field.

