Package Details: palemoon-bin 1:33.4.1-1

Git Clone URL: https://aur.archlinux.org/palemoon-bin.git (read-only, click to copy)
Package Base: palemoon-bin
Description: Open source web browser based on Firefox focusing on efficiency.
Upstream URL: http://linux.palemoon.org/
Keywords: browser goanna web
Licenses: GPL, MPL, LGPL
Conflicts: palemoon
Provides: palemoon
Submitter: sumt
Maintainer: oberon2007 (WorMzy)
Last Packager: WorMzy
Votes: 196
Popularity: 0.72
First Submitted: 2014-06-03 14:55 (UTC)
Last Updated: 2024-11-06 11:12 (UTC)

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 .. 17 Next › Last »

keepitsimpleengr commented on 2023-05-17 17:28 (UTC) (edited on 2023-05-17 17:38 (UTC) by keepitsimpleengr)

[--ljohnson{10:23:26}palemoon-bin]$ makepkg -srci\ ==> Making package: palemoon-bin 1:32.2.0-1 (Wed 17 May 2023 10:24:02 AM PDT)\ ==> Checking runtime dependencies...\ ==> Checking buildtime dependencies...\ ==> Retrieving sources...\ -> Found palemoon.desktop\ -> Found palemoon-32.2.0.linux-x86_64-gtk2.tar.xz\ -> Found palemoon-32.2.0.linux-x86_64-gtk2.tar.xz.sig\ ==> Validating source files with sha256sums...\ palemoon.desktop ... Passed\ palemoon-32.2.0.linux-x86_64-gtk2.tar.xz ... Passed\ palemoon-32.2.0.linux-x86_64-gtk2.tar.xz.sig ... Skipped\ ==> Verifying source file signatures with gpg...\ palemoon-32.2.0.linux-x86_64-gtk2.tar.xz ... FAILED (unknown public key 865E6C87C65285EC)\ ==> ERROR: One or more PGP signatures could not be verified!

dreieck commented on 2022-08-06 14:15 (UTC)

Fails to download source:

  -> Downloading palemoon-31.2.0.linux-x86_64-gtk2.tar.xz...
--2022-08-06 16:03:27--  https://linux.palemoon.org/datastore/release/palemoon-31.2.0.linux-x86_64-gtk2.tar.xz
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving linux.palemoon.org (linux.palemoon.org)... 2a01:4a0:68:1::492a, 80.255.7.132
Connecting to linux.palemoon.org (linux.palemoon.org)|2a01:4a0:68:1::492a|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2022-08-06 16:03:28 ERROR 404: Not Found.

WorMzy commented on 2022-03-21 17:06 (UTC) (edited on 2022-03-21 17:26 (UTC) by WorMzy)

Please note that the 30.0.x release has been pulled while upstream deal with the fallout of the actions a disgruntled contributor. While there is nothing suggesting the 30.0.x releases are compromised in any way, the lead dev is understandably too busy performing damage control to support the 30.0.x release and is recommending people stick to 29.4.4 for the time being.

More details at https://forum.palemoon.org/viewtopic.php?f=1&t=28044

dmnc commented on 2022-02-13 14:26 (UTC)

Importing Moonchild's key (8FCF9CEC) doesn't solve the problem, just the old key from Travis (travawine@protonmail.com) but afaik we can trust this key.

Ralf_Mardorf commented on 2021-07-21 10:28 (UTC)

Assuming the fingerprint is correct, verified by a web of trust, a signed checksum is used, to grant a sources used by a PKGBUILD is unmodified. This for example ensure that nobody hacked the download page and replaced the source by a modified malicious source. You always only have the word of the person providing the source with the signed checksum for download, but at least nobody else can do something harmful. You better don't skip the validation. While fingerprints and the web of trust are sensitive topics, still consider to use checksums.

mozo commented on 2021-07-21 08:54 (UTC)

@andym Sure :)

AndyM48 commented on 2021-07-21 08:38 (UTC)

@mozo But without the checks I only have your word for it :) :) - no offence.

mozo commented on 2021-07-21 08:30 (UTC)

@andym Yes, but this package is safe :)

AndyM48 commented on 2021-07-21 08:23 (UTC)

@mozo It is ALWAYS a bad idea to skip integrity checks!

« First ‹ Previous 1 2 3 4 5 6 7 .. 17 Next › Last »