Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#72125 - [libexif] add pgp keys

Attached to Project: Arch Linux
Opened by mysta (mysta) - Monday, 13 September 2021, 17:19 GMT
Last edited by Andreas Radke (AndyRTR) - Sunday, 19 September 2021, 08:19 GMT
Task Type Bug Report
Category Packages: Extra
Status Assigned
Assigned To Jan de Groot (JGC)
Levente Polyak (anthraxx)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No


Attached diff adds a "validpgpkeys" line to the libexif PKGBUILD for authenticity.

Additional info:
Some minor reworking of the tarball URLs was required since upstream only signs certain ones.
This task depends upon

Comment by Levente Polyak (anthraxx) - Monday, 13 September 2021, 17:47 GMT
libexif 0.6.23 release is the first and only one that has signed artifacts. please clarify with upstream if they opt in to literally always sign their releases and have a secure backup
Comment by mysta (mysta) - Monday, 13 September 2021, 17:50 GMT
I'm sorry but I don't have a Github account. (For what it's worth, libexif 0.6.23 is also only the second release they've made in the last ten years...)