FS#66959 - [dbus] use signed release file
Attached to Project:
Arch Linux
Opened by T.J. Townsend (blakkheim) - Tuesday, 09 June 2020, 19:59 GMT
Last edited by Evangelos Foutras (foutrelis) - Tuesday, 14 July 2020, 23:00 GMT
Opened by T.J. Townsend (blakkheim) - Tuesday, 09 June 2020, 19:59 GMT
Last edited by Evangelos Foutras (foutrelis) - Tuesday, 14 July 2020, 23:00 GMT
|
Details
Description:
The dbus package currently downloads an unsigned git tag for building. This diff uses the signed release file and removes an old PGP key. |
This task depends upon
Closed by Evangelos Foutras (foutrelis)
Tuesday, 14 July 2020, 23:00 GMT
Reason for closing: Fixed
Additional comments about closing: Looks like this was implemented in /trunk on 2020-06-10.
Tuesday, 14 July 2020, 23:00 GMT
Reason for closing: Fixed
Additional comments about closing: Looks like this was implemented in /trunk on 2020-06-10.
Signed tarballs are better in this regard (you get a signature over the entirety instead of a just a Merkle tree root) but I prefer tracking Git whenever possible. It eases patching, backports and reverts.