Hello everyone, Due to some serious disagreements with upstream Arch, we are going to start compiling our own core packages.
This is involving upstream bug https://bugs.archlinux.org/task/49979 against binutils. It is currently built with HTTP, no GPG signature, and no hash check. They are unwilling to fix the issue and have made several concerning comments. Since the secured PKGBUILD is already made, upstream has little excuse not to package it. We can roll out this important security fix in [libre] after it has been tested. All core packages should have HTTPS/GPG/SHA512 whenever possible, so we will be updating a few other core PKGBUILDs as well and pushing these updates to libre-testing. Luke
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
