From 84e17da7cebebfff8dbad7bcdbaef1c14e380036 Mon Sep 17 00:00:00 2001
From: onefang
Date: Mon, 2 Dec 2019 06:47:48 +1000
Subject: TODO+=2

---
 apt-panopticon.lua | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'apt-panopticon.lua')

diff --git a/apt-panopticon.lua b/apt-panopticon.lua
index da349fd..5aaa858 100755
--- a/apt-panopticon.lua
+++ b/apt-panopticon.lua
@@ -950,6 +950,7 @@ if 0 < #arg then
 			execute('diff -U 0   results_old/pkgmaster.devuan.org/merged/dists/' .. n .. '/Release.SORTED ' ..
 					    'results/pkgmaster.devuan.org/merged/dists/' .. n .. '/Release.SORTED ' ..
 					    '| grep -v "@@" | grep "^+" | grep "Packages.xz$" |  cut -c 77- >results/NEW_Release_' .. n .. '.txt')
+-- TODO - Maybe check the date in Release, though since they are updated daily, is there any point?  Perhaps it's for checking amprolla got run?
 		    else
 -- TODO - compare to the pkgmaster copy.
 		    end
@@ -1012,6 +1013,7 @@ if 0 < #arg then
 					if m ~= fm:sub(2, -2) then E('Package MD5 sum mismatch - results/' .. pu.host .. "/merged/" .. p, 'http', 'Integrity', pu.host) end
 					local status, fsha = execute('sha256sum results/' .. pu.host .. "/merged/" .. p .. ' | cut -d " " -f 1')
 					if sha ~= fsha:sub(2, -2) then E('Package SHA256 sum mismatch - results/' .. pu.host .. "/merged/" .. p, 'http', 'Integrity', pu.host) end
+-- TODO - maybe check the PGP key, though packages are mostly not signed.
 				    end
 				end
 				if testing("Updated") then
-- 
cgit v1.1