> if an upstream does not sign the files, does not have https enabled, and/or > refuses to take security and privacy seriously, sha512 must be used in the > PKGBUILD files.
Then 1) you could argue our using SHA512 is meaningless, but 2) it doesn't matter; we should still be doing the Rightâ„¢ thing. -Chris Tonkinson
signature.asc
Description: OpenPGP digital signature
