Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#66959 - [dbus] use signed release file
Attached to Project:
Arch Linux
Opened by T.J. Townsend (blakkheim) - Tuesday, 09 June 2020, 19:59 GMT
Last edited by Evangelos Foutras (foutrelis) - Tuesday, 14 July 2020, 23:00 GMT
Opened by T.J. Townsend (blakkheim) - Tuesday, 09 June 2020, 19:59 GMT
Last edited by Evangelos Foutras (foutrelis) - Tuesday, 14 July 2020, 23:00 GMT
|
DetailsDescription:
The dbus package currently downloads an unsigned git tag for building. This diff uses the signed release file and removes an old PGP key. 
dbus.diff
(2.6 KiB)
|
This task depends upon
Closed by Evangelos Foutras (foutrelis)
Tuesday, 14 July 2020, 23:00 GMT
Reason for closing: Fixed
Additional comments about closing: Looks like this was implemented in /trunk on 2020-06-10.
Tuesday, 14 July 2020, 23:00 GMT
Reason for closing: Fixed
Additional comments about closing: Looks like this was implemented in /trunk on 2020-06-10.
Signed tarballs are better in this regard (you get a signature over the entirety instead of a just a Merkle tree root) but I prefer tracking Git whenever possible. It eases patching, backports and reverts.