How is automatically integrity checking and signature verification of downloaded files not a solved problem?
@thegrugq URL to the .sig isn't always obvious, sig might be over un-gzipped .tar (see kernel), which keys are valid for a URL?
-
-
@tehjh there are maybe a dozen important distros, everything can be handled. Hard code the key IDs in the script. -
@thegrugq@tehjh FWIW, Arch Linux already does what you're suggesting in the package build scripts: https://projects.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/linux-grsec …. - 5 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.