Re: Bug#687624: ITP: libdvdcss-pkg -- automated installer for libdvdcss
On Fri, 14 Sep 2012 21:51:44 Didier 'OdyX' Raboud wrote:
> uscan does absolutely no checking of the resulting tarball so this is
> sensitive to DNS MITM (at least). IMHO having a tighter connection between
> this libdvdcss-pkg and the upstream tarballs' hashsums would be a good idea:
> you would need to upload a new version of libdvdcss-pkg for each new
> version of libdvdcss to tighten the trust chain.
Thanks for your feedback -- I like the idea of having tarball hashsums.
I will implement it.
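
The pinned-hashsum check discussed in this thread, sketched as an added example that is not part of the original message and is not libdvdcss-pkg's own code. The function names, the SHA256SUMS file layout and the tarball name are assumptions, and the file contents are constructed.

```shell
#!/bin/sh
# Added example: check a downloaded tarball against a hash pinned in the package.
# Assumed pin file format: "<sha256hex>  <filename>" per line, as written by sha256sum.

# pinned_hash PINFILE NAME: print the pinned hash; fail unless exactly one entry matches.
pinned_hash() {
    awk -v f="$2" '$2 == f { print $1; n++ } END { exit (n == 1 ? 0 : 1) }' "$1"
}

# verify_tarball PINFILE TARBALL: 0 = matches pin, 1 = mismatch, 2 = cannot decide.
verify_tarball() {
    [ -f "$1" ] && [ -f "$2" ] || return 2
    name=$(basename "$2")
    want=$(pinned_hash "$1" "$name") || {
        echo "no unique pinned hash for $name, refusing to install" >&2
        return 2
    }
    got=$(sha256sum "$2" | awk '{ print $1 }')
    [ "$got" = "$want" ] && return 0
    echo "hash mismatch for $name: got $got, pinned $want" >&2
    return 1
}

# demo: constructed data only; the file name is a placeholder, not a real release.
demo() {
    dir=$(mktemp -d) || return 2
    tb="$dir/libdvdcss-X.Y.Z.tar.bz2"
    printf 'constructed sample contents\n' > "$tb"
    # Maintainer side: hash recorded once and shipped with that package version.
    ( cd "$dir" && sha256sum "$(basename "$tb")" > SHA256SUMS )
    ok=0;  verify_tarball "$dir/SHA256SUMS" "$tb" || ok=$?
    # User side: the download was substituted in transit (constructed tampering).
    printf 'tampered\n' >> "$tb"
    bad=0; verify_tarball "$dir/SHA256SUMS" "$tb" 2>/dev/null || bad=$?
    rm -rf "$dir"
    echo "genuine=$ok tampered=$bad"
}

demo
```

The check fails closed: a tarball with no pin, or with more than one, is rejected rather than installed unverified.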