You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A cheap way to get package verification would be:
Let bulk builds provide pkg_summary.gz.asc signatures for the summary files.
Extend the summary files to contain a checksum for the binary package.
When downloading summaries, check the signatures of the summaries against allowed keys.
When installing packages, check the checksums of the binary packages against the summary file.
The text was updated successfully, but these errors were encountered:
A cheap way to get package verification would be:
Let bulk builds provide pkg_summary.gz.asc signatures for the summary files.
Extend the summary files to contain a checksum for the binary package.
When downloading summaries, check the signatures of the summaries against allowed keys.
When installing packages, check the checksums of the binary packages against the summary file.
The text was updated successfully, but these errors were encountered: