[Dev] [UNIFONT] package update
bill-auger
bill-auger at peers.community
Mon Nov 28 11:30:19 GMT 2022
On Mon, 28 Nov 2022 13:18:54 +0200 Wael wrote:
> I can't find how to force verification.
it is automatic - if validpgpkeys is populated, any
source=() files with an associated .asc or .sig will be verified
On Mon, 28 Nov 2022 13:18:54 +0200 Wael wrote:
> Additionally I thought we can do without it, but the download is done over HTTP
> and not HTTPS
encryption is not a significant factor
signatures are always optional, because most projects do not
publish them; but signatures should be verified whenever the
upstream does publish them
More information about the Dev
mailing list