quot;? Can configure include tools that make such integrity
verification easier (and automatic)? For example, "make dist" or whatever
could always create a GPG-signed file.
What other ways do you see to solve the problem of "configure" being that
"untrusted binary app"
On Mon, 23 Apr 2001, Michael Still wrote:
> Autoconf could run gnupg / pgp (if present) after generating the configure
> script and produce a checksum on the script. If this was a default action,
> then it would increase the chance of developers having at least some
> checksumming.
>
> It doesn't
