nevaforget 0fba63571c
fix: harden GPG key import with fingerprint verification and cleanup
The registry signing key was imported without verifying its fingerprint,
allowing a MITM or compromised server to inject a rogue key. Now checks
the downloaded key against a pinned fingerprint before import. Also adds
trap EXIT for tempfile cleanup and rejects empty curl responses.
2026-04-06 23:08:01 +02:00
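
The check the commit message describes, sketched as an added example (not the repository's own script): the key is downloaded to a tempfile, an empty response is rejected, and the key is imported only if its single primary fingerprint equals the pinned one. `KEY_URL`, `PINNED_FPR` and all function names are hypothetical placeholders.

```shell
#!/bin/sh
# Added example. KEY_URL and PINNED_FPR are placeholders, not project values.
KEY_URL="https://registry.example.invalid/signing-key.asc"
PINNED_FPR="0000000000000000000000000000000000000000"

# Normalise a fingerprint: strip spaces and colons, upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin and print primary-key fingerprints.
# Only the "fpr" record that follows a "pub" record counts; "fpr" records
# after "sub" belong to subkeys and must not satisfy the pin.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# $1 = colon listing, $2 = pinned fingerprint.
# Succeeds only when the listing holds exactly one primary key and it matches.
listing_matches_pin() {
    fprs=$(printf '%s\n' "$1" | primary_fprs)
    [ -n "$fprs" ] || return 1
    [ "$(printf '%s\n' "$fprs" | grep -c .)" -eq 1 ] || return 1
    [ "$(normalize_fpr "$fprs")" = "$(normalize_fpr "$2")" ]
}

import_pinned_key() {
    tmp=$(mktemp) || return 1
    trap 'rm -f "$tmp"' EXIT                  # tempfile removed on any exit path
    curl -fsSL "$KEY_URL" -o "$tmp" || return 1
    [ -s "$tmp" ] || { echo "empty key download" >&2; return 1; }
    # --show-keys inspects the file without touching the keyring.
    listing=$(gpg --show-keys --with-colons "$tmp") || return 1
    listing_matches_pin "$listing" "$PINNED_FPR" || {
        echo "fingerprint mismatch, refusing to import" >&2
        return 1
    }
    gpg --import "$tmp"
}
```

Requiring exactly one primary key also rejects a download that bundles the expected key together with an extra one.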