On Fri, 14 Sep 2012 21:51:44 Didier 'OdyX' Raboud wrote:
> uscan does absolutely no checking of the resulting tarball so this is
> sensitive to DNS MITM (at least). IMHO having a tighter connection between
> this libdvdcss-pkg and the upstream tarballs hashsums would be a good idea:
> you would need to upload a new version of libdvdcss-pkg for each new
> version of libdvdcss to tighten the trust chain.

Thanks for your feedback -- I like the idea of having tarballs hashsums. I will implement it.

Regards,
Dmitry.
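
The checksum pinning proposed in this thread, sketched as an added example that is not part of the original messages and is not libdvdcss-pkg's own code. The pin file format ("version sha256" per line), the function names and the version strings are assumptions made for illustration, and the tarball content is constructed.

```shell
#!/bin/sh
# Added example: verify a downloaded upstream tarball against a checksum
# pinned in the package. Versions and file contents here are constructed.

# Print the digest pinned for VERSION in PINFILE ("version sha256" per line);
# exit non-zero when the version has no pin.
pinned_sha256() {
    awk -v v="$1" '$1 == v { print $2; found = 1 } END { exit !found }' "$2"
}

# verify_tarball VERSION TARBALL PINFILE
# 0 = digest matches the pin, 1 = mismatch, 2 = version not pinned,
# 3 = tarball unreadable.
verify_tarball() {
    expected=$(pinned_sha256 "$1" "$3") || {
        echo "refusing $2: no pinned checksum for version $1" >&2
        return 2
    }
    actual=$(sha256sum < "$2") || return 3
    actual=${actual%% *}            # keep only the hex digest
    if [ "$actual" != "$expected" ]; then
        echo "refusing $2: sha256 $actual does not match pin" >&2
        return 1
    fi
}

# Demo on constructed data: a genuine file, then the same file altered in transit.
demo() {
    dir=$(mktemp -d) || return 1
    tarball=$dir/libdvdcss-0.0.0.tar.bz2          # constructed name and version
    printf 'constructed upstream release\n' > "$tarball"
    pin=$(sha256sum < "$tarball")
    printf '0.0.0 %s\n' "${pin%% *}" > "$dir/pins" # recorded at packaging time
    verify_tarball 0.0.0 "$tarball" "$dir/pins" && echo "genuine: accepted"
    printf 'injected bytes\n' >> "$tarball"        # simulates a substituted download
    verify_tarball 0.0.0 "$tarball" "$dir/pins" || echo "altered: rejected ($?)"
    verify_tarball 9.9.9 "$tarball" "$dir/pins" || echo "unpinned: rejected ($?)"
    rm -rf "$dir"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Because an unpinned version is refused rather than accepted, every new upstream release requires a new upload of the package carrying its digest, which is the tighter trust chain described in the quoted message.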

