On 26 Nov 2010, at 20:58, Dirkjan Ochtman wrote:

> On Fri, Nov 26, 2010 at 21:44, Noah Slater <[email protected]> wrote:
>> But assuming we got this working, we face the problem of not being able to
>> apply our own patches. Also, the software it downloads might have some bug
>> in it that was introduced a week, day, or hour before the release was made.
>> How would we defend ourselves against this?
>
> You pull a specific version tarball and check it against a checksum?

If we have a checksum, what's the point? Why not just include the original source the checksum is taken from?
