-
Allan McRae authored
Generating checksums with "makepkg -g" only determines that the user of a PKGBUILD has the same file as the packager (assuming no collision). This means an upstream source could be maliciously changed and passed on as valid by a PKGBUILD. To avoid this, it is essential that any checksums used in a PKGBUILD are as provided by upstream. Signed-off-by: Allan McRae <allan@archlinux.org>
c3852ff4