summaryrefslogtreecommitdiffstats
path: root/scripts/libmakepkg/lint_pkgbuild
diff options
context:
space:
mode:
authorAllan McRae <allan@archlinux.org>2020-01-23 03:04:28 +0100
committerAllan McRae <allan@archlinux.org>2020-01-28 01:45:42 +0100
commitc3852ff42569542b787d9e49289f5358ad22f900 (patch)
tree51bb720b2a2f1dd4f997f7a0c1f5e9c9335458b3 /scripts/libmakepkg/lint_pkgbuild
parente54617c7d554e0c14c039432b5f7bef66e43769c (diff)
downloadpacman-c3852ff42569542b787d9e49289f5358ad22f900.tar.gz
pacman-c3852ff42569542b787d9e49289f5358ad22f900.tar.xz
Note that checksums from "makepkg -g" are not ideal
Generating checksums with "makepkg -g" only determines that the user of a PKGBUILD has the same file as the packager (assuming no collision). This means an upstream source could be maliciously changed and passed on as valid by a PKGBUILD. To avoid this, it is essential that any checksums used in a PKGBUILD are as provided by upstream. Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts/libmakepkg/lint_pkgbuild')
0 files changed, 0 insertions, 0 deletions