FS#72237 - [libass] use pgp key
Attached to Project:
Arch Linux
Opened by T.J. Townsend (blakkheim) - Saturday, 25 September 2021, 15:34 GMT
Last edited by Evangelos Foutras (foutrelis) - Tuesday, 23 August 2022, 01:48 GMT
Opened by T.J. Townsend (blakkheim) - Saturday, 25 September 2021, 15:34 GMT
Last edited by Evangelos Foutras (foutrelis) - Tuesday, 23 August 2022, 01:48 GMT
|
Details
Description:
The libass package has a "validpgpkeys" line but does not actually make use of it. This diff adds the missing "?signed" marker to the source line. Additional info: The tags are signed, but commits are not. 
libass.diff
(0.5 KiB)
|
This task depends upon
Closed by Evangelos Foutras (foutrelis)
Tuesday, 23 August 2022, 01:48 GMT
Reason for closing: Fixed
Additional comments about closing: Changed in trunk to build from signed tarballs.
Tuesday, 23 August 2022, 01:48 GMT
Reason for closing: Fixed
Additional comments about closing: Changed in trunk to build from signed tarballs.
Comment by
T.J. Townsend (blakkheim) -
Saturday, 23 October 2021, 21:49 GMT
Ping
Comment by
T.J. Townsend (blakkheim) -
Wednesday, 09 March 2022, 17:09 GMT
Ping
Comment by
T.J. Townsend (blakkheim) -
Wednesday, 03 August 2022, 18:46 GMT
Ping
Comment by
T.J. Townsend (blakkheim) - Friday,
12 August 2022, 15:13 GMT
Updated diff
libass-v2.diff
(0.7 KiB)
Comment by
Evangelos Foutras (foutrelis) -
Tuesday, 23 August 2022, 01:47 GMT
The issue with tags is that they can be changed to point to
another commit (thus the need for hash pinning). For this
particular package, the simpler solution is to use the signed
tarball offered by upstream.