On Sat, 18 Jul 2015 19:20:53 -0600, fauno wrote: > > [1 <multipart/signed (7bit)>] > [1.1 <text/plain (quoted-printable)>] > fyi > > -- > }(:= > > -------------------- Start of forwarded message -------------------- > Date: Sat, 18 Jul 2015 10:04:28 -1000 > From: Gaetan Bisson <[email protected]> > Subject: [arch-dev-public] git packages and checksums > > Hi, > > As more of our official packages use git sources, I'd like to suggest we > always enforce some kind of checksum verification. More specifically, > I'd like us to avoid using straightforward source arrays such as: > > source=("git://github.com/systemd/systemd.git#tag=v$pkgver") > md5sums=('SKIP') > > Instead I suggest we use the full commit hash. In the example above, > that'd become something like: > > _commit=9a50ce20ef60263a6c88c29470ce761fcc424f2d > source=("git://github.com/systemd/systemd.git#commit=$_commit") > md5sums=('SKIP') > > Does that sound like a good idea?
You mean what I've been enforcing on Parabola packages from the get-go? ;-) -- Happy hacking, ~ Luke Shumaker _______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
