Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/scripts/libmakepkg/lint_pkgbuild/package_function_variable.sh.in
diff options
context:
space:
mode:
authorAllan McRae <allan@archlinux.org>2020-01-23 12:04:28 +1000
committerAllan McRae <allan@archlinux.org>2020-01-28 10:45:42 +1000
commitc3852ff42569542b787d9e49289f5358ad22f900 (patch)
tree51bb720b2a2f1dd4f997f7a0c1f5e9c9335458b3 /scripts/libmakepkg/lint_pkgbuild/package_function_variable.sh.in
parente54617c7d554e0c14c039432b5f7bef66e43769c (diff)
Note that checksums from "makepkg -g" are not ideal
Generating checksums with "makepkg -g" only determines that the user of a PKGBUILD has the same file as the packager (assuming no collision). This means an upstream source could be maliciously changed and passed on as valid by a PKGBUILD. To avoid this, it is essential that any checksums used in a PKGBUILD are as provided by upstream. Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts/libmakepkg/lint_pkgbuild/package_function_variable.sh.in')
0 files changed, 0 insertions, 0 deletions