On Fri, 14 Sep 2012 21:51:44 Didier 'OdyX' Raboud wrote:
> uscan does absolutely no checking of the resulting tarball so this is
> sensitive to DNS MITM (at least). IMHO having a tighter connection between
> this libdvdcss-pkg and the upstream tarballs hashsums would be a good idea:
> you would need to upload a new version of libdvdcss-pkg for each new
> version of libdvdcss to tighten the trust chain.

Thanks for your feedback -- I like the idea of having tarballs hashsums. I will
implement it.

Regards,
Dmitry.
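
The check discussed in this thread, as an added example that is not part of the original messages and not libdvdcss-pkg's code: the downloaded tarball is compared against a SHA-256 pinned in a manifest shipped inside the package, and an unknown version fails closed. The function name, manifest format (sha256sum output) and file names are assumptions; the sample file is constructed.

```sh
#!/bin/sh
# Added example (hypothetical names; not taken from libdvdcss-pkg).
#
# verify_pinned MANIFEST TARBALL
#   MANIFEST lines are in sha256sum format: "<hex digest>  <file name>".
#   Returns 0 on match, 1 on mismatch, 2 if the file has no pinned entry.
verify_pinned() {
    manifest=$1
    tarball=$2
    name=$(basename "$tarball")

    # Look up the digest pinned for exactly this file name. A version that
    # is not in the manifest must be refused, not downloaded and trusted.
    pinned=$(awk -v n="$name" '$2 == n { print $1; exit }' "$manifest")
    if [ -z "$pinned" ]; then
        echo "no pinned hash for $name; refusing to use it" >&2
        return 2
    fi

    # Hash what was actually downloaded and compare with the pin.
    actual=$(sha256sum "$tarball" | awk '{ print $1 }')
    if [ "$actual" != "$pinned" ]; then
        echo "hash mismatch for $name" >&2
        echo "  pinned: $pinned" >&2
        echo "  actual: $actual" >&2
        return 1
    fi
    return 0
}

# Demo on constructed data: a stand-in file, not a real upstream release.
demo_dir=$(mktemp -d)
demo_file=libdvdcss-0.0.0.tar.bz2        # constructed placeholder version
printf 'constructed tarball bytes\n' > "$demo_dir/$demo_file"
(cd "$demo_dir" && sha256sum "$demo_file" > pinned.sha256)

verify_pinned "$demo_dir/pinned.sha256" "$demo_dir/$demo_file" \
    && echo "accepted: matches the pinned hash"

# Simulate a tarball altered in transit (e.g. served by a spoofed host).
printf 'extra bytes\n' >> "$demo_dir/$demo_file"
verify_pinned "$demo_dir/pinned.sha256" "$demo_dir/$demo_file" \
    || echo "rejected with status $?"

rm -rf "$demo_dir"
```

Because the pin travels inside the package, it is covered by the archive's own signatures, which is why each new upstream release needs a new package upload.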