[Exherbo-dev] [Exherbo Security] Package Distfile Signing Proposal

Ciaran McCreesh ciaran.mccreesh at googlemail.com
Thu May 10 15:45:03 UTC 2012

On Thu, 10 May 2012 17:43:05 +0200
"Jason A. Donenfeld" <Jason at zx2c4.com> wrote:
> On Thu, May 10, 2012 at 5:09 PM, Ciaran McCreesh
> <ciaran.mccreesh at googlemail.com> wrote:
> > it's better done as an annotations on DOWNLOADS than as a new
> > variable.
> I'm probably confused about this, but I was thinking that there are
> other means for fetching distfiles other than DOWNLOADS -- nofetch,
> but a custom bash funct to do it, or fetch-restriction so it's gotten
> manually, etc. And for this reason not all things that need to be
> CHECKSUM'd will necessarily be in DOWNLOADS. I could be mistaken
> though...

Those should still get a filename listed in DOWNLOADS, even if it
doesn't come with a URL.

Ciaran McCreesh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.exherbo.org/pipermail/exherbo-dev/attachments/20120510/7384f3ec/attachment.asc>

More information about the Exherbo-dev mailing list