author | Allan McRae <allan@archlinux.org> | 2020-01-23 03:04:28 +0100 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2020-01-28 01:45:42 +0100 |
commit | c3852ff42569542b787d9e49289f5358ad22f900 (patch) | |
tree | 51bb720b2a2f1dd4f997f7a0c1f5e9c9335458b3 /scripts/libmakepkg | |
parent | e54617c7d554e0c14c039432b5f7bef66e43769c (diff) | |

Note that checksums from "makepkg -g" are not ideal

Generating checksums with "makepkg -g" only determines that the user of a
PKGBUILD has the same file as the packager (assuming no collision). This
means an upstream source could be maliciously changed and passed on as valid
by a PKGBUILD. To avoid this, it is essential that any checksums used in
a PKGBUILD are as provided by upstream.

Signed-off-by: Allan McRae <allan@archlinux.org>

Diffstat (limited to 'scripts/libmakepkg')
0 files changed, 0 insertions, 0 deletions
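
The point of the commit message, as an added example that is not part of this commit or of pacman's code: a checksum generated from the packager's own download matches that download even when the file differs from what upstream released, and only a checksum published by upstream exposes the difference. The file names, the `classify` helper and the `SHA256SUMS` list are constructed for the illustration.

```shell
# Added example: what a PKGBUILD checksum does and does not prove.
# Assumption: upstream publishes a sha256sum-format list ("<hash>  <name>")
# that reaches the packager independently of the tarball itself.
sha256_of() { sha256sum "$1" | awk '{print $1}'; }

# upstream_sum NAME SUMS_FILE -> hash published for NAME, empty if none
upstream_sum() {
    awk -v n="$1" '$2 == n || $2 == ("*" n) { print $1; exit }' "$2"
}

# classify FILE PKGBUILD_SUM SUMS_FILE
#   pkgbuild-mismatch  file differs from the packager's copy (the build stops)
#   local-only         same file as the packager, nothing known about upstream
#   upstream-mismatch  same file as the packager, but not what upstream released
#   upstream-verified  packager, user and upstream all agree
classify() {
    actual=$(sha256_of "$1")
    published=$(upstream_sum "$(basename "$1")" "$3")
    if [ "$actual" != "$2" ]; then echo pkgbuild-mismatch
    elif [ -z "$published" ]; then echo local-only
    elif [ "$published" != "$2" ]; then echo upstream-mismatch
    else echo upstream-verified
    fi
}

# Constructed sample data: a release, upstream's list, and an altered copy.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
mkdir "$work/upstream" "$work/mirror"
printf 'genuine release\n' > "$work/upstream/foo-1.0.tar.gz"
printf 'altered release\n' > "$work/mirror/foo-1.0.tar.gz"
(cd "$work/upstream" && sha256sum foo-1.0.tar.gz > ../SHA256SUMS)
: > "$work/EMPTY"    # stands for an upstream that publishes no checksums

# The packager received the altered copy and hashed what they got, which is
# all that generating the checksum from the download itself can do.
generated=$(sha256_of "$work/mirror/foo-1.0.tar.gz")
copied=$(upstream_sum foo-1.0.tar.gz "$work/SHA256SUMS")

echo "generated sum, no upstream list: $(classify "$work/mirror/foo-1.0.tar.gz" "$generated" "$work/EMPTY")"
echo "generated sum, upstream list:    $(classify "$work/mirror/foo-1.0.tar.gz" "$generated" "$work/SHA256SUMS")"
echo "upstream sum, altered download:  $(classify "$work/mirror/foo-1.0.tar.gz" "$copied" "$work/SHA256SUMS")"
echo "upstream sum, genuine download:  $(classify "$work/upstream/foo-1.0.tar.gz" "$copied" "$work/SHA256SUMS")"
```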