[2012-04-30 10:18:36 +1000] Allan McRae:
On 30/04/12 08:59, Gaetan Bisson wrote:
Then, set the following in your pacman.conf:
SigLevel = PackageRequired TrustedOnly
Setting that globally causes failures with "pacman -U" and unsigned packages. So PackageRequired should only be enabled on a per repo basis at the moment.
Right.
We could do a pacman update with an updated pacman.conf for people to merge to help this along.
That would be great. In fact, package verification could even be enabled by default in the new pacman.conf, archlinux-keyring added as a dependency of pacman, and the news item summed up into a post-install message. Attached are a patch to our pacman package and an updated news post doing this. Comments welcome! Cheers. -- Gaetan