> if an upstream does not sign the files, does not have https enabled, and/or 
> refuses to take security and privacy seriously, sha512 must be used in the 
> PKGBUILD files.

Then

  1) you could argue our using SHA512 is meaningless, but
  2) it doesn't matter; we should still be doing the Rightâ„¢ thing.

-Chris Tonkinson

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to