fyi -- }(:=
-------------------- Start of forwarded message -------------------- Date: Sat, 18 Jul 2015 10:04:28 -1000 From: Gaetan Bisson <[email protected]> Subject: [arch-dev-public] git packages and checksums Hi, As more of our official packages use git sources, I'd like to suggest we always enforce some kind of checksum verification. More specifically, I'd like us to avoid using straightforward source arrays such as: source=("git://github.com/systemd/systemd.git#tag=v$pkgver") md5sums=('SKIP') Instead I suggest we use the full commit hash. In the example above, that'd become something like: _commit=9a50ce20ef60263a6c88c29470ce761fcc424f2d source=("git://github.com/systemd/systemd.git#commit=$_commit") md5sums=('SKIP') Does that sound like a good idea? -- Gaetan -------------------- End of forwarded message --------------------
signature.asc
Description: PGP signature
_______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
