[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#687624: ITP: libdvdcss-pkg -- automated installer for libdvdcss

On Fri, 14 Sep 2012 21:51:44 Didier 'OdyX' Raboud wrote:

> uscan does absolutely no checking of the resulting tarball so this is
> sensitive to DNS MITM (at least). IMHO having a tighter connection between
> this libdvdcss-pkg and the upstream tarballs hashsums would be a good idea:
> you would need to upload a new version of libdvdcss-pkg for each new
> version of libdvdcss to tighten the trust chain.

Thanks for your feedback -- I like the idea of having tarballs hashsums. 
I will implement it.


Reply to: