Package Details: bdisk 3.10-1

Git Clone URL: https://aur.archlinux.org/bdisk.git (read-only, click to copy)
Package Base: bdisk
Description: An easy liveCD creator built in python. Supports hybrid ISOs/USB, iPXE, and UEFI.
Upstream URL: https://bdisk.square-r00t.net
Licenses: GPL3
Conflicts: bdisk-git
Submitter: sanerb
Maintainer: sanerb
Last Packager: sanerb
Votes: 1
Popularity: 0.000000
First Submitted: 2016-11-21 06:19 (UTC)
Last Updated: 2018-01-04 09:40 (UTC)

Pinned Comments

sanerb commented on 2017-06-19 14:49 (UTC) (edited on 2017-09-01 22:47 (UTC) by sanerb)

# Bug reports can be filed at https://bugs.square-r00t.net/index.php?project=3 # News updates for packages can be followed at https://devblog.square-r00t.net (If you want an RSS-feed only pertaining to my AUR packages, you can subscribe to https://devblog.square-r00t.net/rss/?category=aur in your favourite RSS reader.) Note that you should still use the AUR web interface for flagging packages as out-of-date if a new version is released; the aforementioned bug tracker is to aid in issues with building/packaging/the PKGBUILD formats/etc. specifically. GPG signature "errors" are explained here: https://devblog.square-r00t.net/articles/a-note-on-using-gpg-signatures-in-pkgbuilds Please read; it's not a bug. Thanks!

Latest Comments

sanerb commented on 2017-06-19 14:49 (UTC) (edited on 2017-09-01 22:47 (UTC) by sanerb)

# Bug reports can be filed at https://bugs.square-r00t.net/index.php?project=3 # News updates for packages can be followed at https://devblog.square-r00t.net (If you want an RSS-feed only pertaining to my AUR packages, you can subscribe to https://devblog.square-r00t.net/rss/?category=aur in your favourite RSS reader.) Note that you should still use the AUR web interface for flagging packages as out-of-date if a new version is released; the aforementioned bug tracker is to aid in issues with building/packaging/the PKGBUILD formats/etc. specifically. GPG signature "errors" are explained here: https://devblog.square-r00t.net/articles/a-note-on-using-gpg-signatures-in-pkgbuilds Please read; it's not a bug. Thanks!

sanerb commented on 2017-02-13 14:00 (UTC)

(fixed, by the way)

sanerb commented on 2017-02-13 14:00 (UTC)

i'm the author (r00t^2). :P but yeah, forgot to update the SHA512 for the 3.01 release, whoops. gpg check should have still passed, though- usually if a sig distributed with a PKGBUILD passes but the checksum fails, that just means the hash wasn't updated but it's still a valid file. (and my key is indeed listed in the bdisk.square-r00t.net docs, as well as that post i linked to.) i linked to that post because people don't know how to use gpg verification with makepkg and think the verification's failing but it's actually because they haven't imported my key.

GI_Jack commented on 2017-02-13 12:16 (UTC) (edited on 2017-02-13 12:16 (UTC) by GI_Jack)

yes, I know how to override a failed checksum, but its a security error, and I do not ignore those, especially if someone chooses a strong hash like SHA512, they value security. I posted the error hoping you'd re-check the file, and determine if BDisk-3.01.tar.xz is still authentic Before I install, I would like a concise update/answer from the program maintainer. Security violations are not glitches to be ignored. If the hash is wrong, please change it. If the hash is right, please let me know because of a potential MITM attack.

sanerb commented on 2017-02-12 00:35 (UTC)

https://devblog.square-r00t.net/articles/a-note-on-using-gpg-signatures-in-pkgbuilds

GI_Jack commented on 2017-02-11 22:44 (UTC)

==> Validating source files with sha512sums... BDisk-3.01.tar.xz ... FAILED