Package Details: libbulletml 0.0.6-1

Git Clone URL: https://aur.archlinux.org/libbulletml.git (read-only)
Package Base: libbulletml
Description: C++ library to handle BulletML, a markup language to describe bullets in shooting games.
Upstream URL: http://shinh.skr.jp/libbulletml/index_en.html
Licenses: custom:libbulletml
Submitter: escondida
Maintainer: escondida
Last Packager: escondida
Votes: 2
Popularity: 0.302181
First Submitted: 2015-12-11 23:35
Last Updated: 2015-12-11 23:35

Latest Comments

zorun commented on 2016-06-27 08:48

I agree with you in principle.

However, a more pragmatic point of checksums is to make sure that the user builds from the same tarball as the maintainer. There are many reasons why the upstream tarball may change between the time you upload the package and a user tries to build it:

- the tarball was somehow corrupted during download or storage
- some malicious person added a backdoor to the upstream tarball
- upstream overwrote the tarball with a new version
- the tarball is no longer available upstream and returns e.g. a HTML page instead

All of these are serious issues, and are catched by checksum verification.

escondida commented on 2016-06-27 00:28

No, if upstream chooses not to provide integrity checks, it would be a meaningless gesture for me to add them. Without checksums from upstream, there's no way for me to check whether or not mine match the dev's One True Tarball.

zorun commented on 2016-06-26 14:35

You should provide checksums for the files, even though upstream does not publish any...

7c37f3d2d52825417c5de716f89bea4b71156371e698e2579daf7921df07aa79 libbulletml-0.0.6.tar.bz2
f0a9f01ef9daaa980f876253c81e8e76eea17b7de1aa569bf23661b456c5c9d3 d_cpp.tar.bz2