[Dev] Fwd: [arch-dev-public] git packages and checksums

fauno fauno at endefensadelsl.org
Sun Jul 19 01:20:53 GMT 2015


fyi

-- 
}(:=

-------------------- Start of forwarded message --------------------
Date: Sat, 18 Jul 2015 10:04:28 -1000
From: Gaetan Bisson <bisson at archlinux.org>
Subject: [arch-dev-public] git packages and checksums

Hi,

As more of our official packages use git sources, I'd like to suggest we
always enforce some kind of checksum verification. More specifically,
I'd like us to avoid using straightforward source arrays such as:

	source=("git://github.com/systemd/systemd.git#tag=v$pkgver")
	md5sums=('SKIP')

Instead I suggest we use the full commit hash. In the example above,
that'd become something like:

	_commit=9a50ce20ef60263a6c88c29470ce761fcc424f2d
	source=("git://github.com/systemd/systemd.git#commit=$_commit")
	md5sums=('SKIP')

Does that sound like a good idea?

-- 
Gaetan
-------------------- End of forwarded message --------------------
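
Added example, not part of the forwarded message and not makepkg code: a small POSIX shell check that flags git entries in a source array that are not pinned to a full 40-digit commit hash, since a tag or branch name can be re-pointed on the remote while a commit hash cannot. The function names classify_git_source and audit_sources are hypothetical, the example.org entries are constructed, and entries are assumed to be already variable-expanded in the form [name::][git+]url[#fragment].

```shell
#!/bin/sh
# Added example: audit expanded PKGBUILD source entries for pinned git sources.
# Entry syntax assumed: [name::][git+]url[#fragment]

classify_git_source() {
    entry=${1#*::}                      # drop optional "name::" prefix
    case $entry in
        git://*|git+*) ;;
        *) echo not-git; return 0 ;;
    esac
    case $entry in
        *'#'*) fragment=${entry##*\#} ;;
        *) echo unpinned; return 0 ;;   # follows the remote's default branch
    esac
    case $fragment in
        commit=*) hash=${fragment#commit=} ;;
        tag=*|branch=*) echo mutable-ref; return 0 ;;  # ref can be re-pointed
        *) echo unknown-fragment; return 0 ;;
    esac
    case $hash in
        ''|*[!0-9a-fA-F]*) echo invalid-hash ;;
        *) if [ "${#hash}" -eq 40 ]; then echo pinned; else echo short-hash; fi ;;
    esac
}

# Reads one entry per line on stdin, prints "verdict entry",
# returns 1 if any git source is not pinned to a full commit hash.
audit_sources() {
    bad=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        verdict=$(classify_git_source "$line")
        printf '%-17s %s\n' "$verdict" "$line"
        case $verdict in pinned|not-git) ;; *) bad=1 ;; esac
    done
    return "$bad"
}

# Constructed sample entries; only the commit-pinned systemd line is from the message.
audit_sources <<'EOF' || echo "audit: unpinned git sources found"
git://github.com/systemd/systemd.git#commit=9a50ce20ef60263a6c88c29470ce761fcc424f2d
git://example.org/demo.git#tag=v1.0
demo::git+https://example.org/demo.git
git+https://example.org/demo.git#commit=9a50ce2
https://example.org/demo-1.0.tar.gz
EOF
```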