On Thu 06 May 2010 12:58 +0200, Xavier Chantry wrote: > On Thu, May 6, 2010 at 12:50 PM, Loui Chang <louipc....@gmail.com> wrote: > > This relates to package integrity. I guess I mean to present the odd > > possibility where you trust the person who signed the package, but the > > it hasn't even passed basic integrity checks. > > > > I guess the debate is convenience versus correctness really. > > No, it's not, we want both. > default behavior -> correctness > non-default behavior for people who know what they are doing -> convenience > Very much like pacman -Sd / -Sf as Allan already said multiple times.
As for analogies, I'm thinking it's more like an option for an HTML generator to produce flawed markup to display nicely in a crappy browser. Supporting bad behaviour is bad. > > I can understand if someone may value the convenience more, but I > > contend that the gained convenience is not particularly valuable after > > all, can be obtained in other ways, and should not be put into the > > official tools at the potential sacrifice of correctness. > > The only sacrifice we will make is packagers who dare sharing a > pkgbuild with wrong checksums. > Allan told me he will burn them all on the public place. Hah. I think he said that he does share them. Anyways. I do at least believe it should be possible to do programmatically, thus makepkg should provide the functions for skipinteg. Maybe it could be a hidden, undocumented option. I'd be a lot more comfortable with that.
