-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Downloads of source code and nightly builds not verified #83
Comments
Ideally, upstream would give each nightly tarball a unique name some way so we could use the name in the src_uri of an ebuild instead of using wget in src_unpack to download them. Since they don't do that, a nightly ebuild is exactly like a live ebuild; if you use them you get what you get. That is why we can't ever keyword nightlys. |
See #6 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Perhaps due to the nature of nightly builds it is usually more work to verify their integrity and authenticity (say, via a signature by the rust developers). The current situation is sub-optimal and there are a number of things that can be done about this:
Upstream issues:
The text was updated successfully, but these errors were encountered: