[Dev] Compiling our own core packages
Luke
g4jc at openmailbox.org
Sun Jan 8 15:09:01 GMT 2017
Hello everyone,
Due to some serious disagreements with upstream Arch, we are going to
start compiling our own core packages.
This is involving upstream bug https://bugs.archlinux.org/task/49979
against binutils. It is currently built with HTTP, no GPG signature, and
no hash check. They are unwilling to fix the issue and have made several
concerning comments.
Since the secured PKGBUILD is already made, upstream has little excuse
not to package it. We can roll out this important security fix in
[libre] after it has been tested.
All core packages should have HTTPS/GPG/SHA512 whenever possible, so we
will be updating a few other core PKGBUILDs as well and pushing these
updates to libre-testing.
Luke
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20170108/20bf93a6/attachment.sig>
More information about the Dev
mailing list