On Sun, 30 Oct 2011 14:12:20 +0100 Pierre Schmitz <pierre@archlinux.de> wrote:
Hi all,
it's about time to finalize our signing policy to get all our packages properly signed as soon as possible. Note that this is just about signing the package itself. How we will manage our keyring and sign that one using master keys is a different story.
At first please have a look at https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages and let me know if there is anything wrong or unclear. I would like to present this little Howto to the TU so that community packages can be signed as well.
To speed things up I'd like to let dbscripts enforce signed packages. This means that from now on no new packages can be uploaded that don't have a signature. We may give the TU a ew days mroe time as this will be new to them.
If you just agree with all this send a +1.
Greetings,
Pierre
I'm building my packages exclusive on pkgbuild.com and there I can't sign packages. If we do the switch in dbscripts then pkgbuild.com should be ready to generate signed packages. As far as I know it isn't possible yet, am I right? Otherwise I would say +1, but for now -1. Daniel