Florian Pritz <bluewind@xinu.at> on Mon, 05 Mar 2012 10:42:15 +0100:
On 05.03.2012 10:39, Christian Hesse wrote:
Hello everybody,
afaik, database files in official repositories are not signed yet. Are they?
This forces one to set SigLevel to 'Optional' instead of 'Required'. Now if anybody wants to provide an infected package he/she only needs to provide no signature at all and the package is happily accepted, no?
So when will database files from official packages be signed?
And even more interesting: Does it make sense to add a new option 'PkgRequired'? This could force valid signatures for packages and make it optional for database files.
You should read pacman.conf(5) "PACKAGE AND DATABASE SIGNATURE CHECKING" and use "Optional PackageRequired"
I misread the lines about combining of the options and prefixes. My fault, I am perfectly happy now. ;) Sorry for the noise!
--
Best regards,
Chris
O< ascii ribbon campaign
   stop html mail - www.asciiribbon.org
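Added example, not part of the original thread and not pacman's own code: a small Python audit that reads `SigLevel` tokens left to right (an unprefixed option applies to packages and databases, a `Package` or `Database` prefix to one of them) and lists the repositories that would still accept a package with no signature. The sample configuration, the repository name `thirdparty`, the starting level, and the rule that a repository's tokens are applied on top of the `[options]` value are assumptions.

```python
MODES = ("Never", "Optional", "Required")

def apply_siglevel(value, base):
    """Apply SigLevel tokens left to right on top of `base`."""
    level = dict(base)
    for tok in value.split():
        for scope in ("Package", "Database"):
            if tok.startswith(scope) and tok[len(scope):] in MODES:
                level[scope] = tok[len(scope):]  # prefixed: one scope only
                break
        else:
            if tok in MODES:  # unprefixed: packages and databases
                level["Package"] = level["Database"] = tok
            # TrustedOnly/TrustAll concern key trust, not signature presence
    return level

def audit(conf_text, start=None):
    # Assumed starting level; pacman's built-in default is not modelled.
    start = start or {"Package": "Optional", "Database": "Optional"}
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # comments are whole lines
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, "")
        elif current and "=" in line:
            key, val = (p.strip() for p in line.split("=", 1))
            if key == "SigLevel":
                sections[current] = val
    glob = apply_siglevel(sections.get("options", ""), start)
    # Assumption: a repository's tokens are applied on top of [options].
    return {name: apply_siglevel(val, glob)
            for name, val in sections.items() if name != "options"}

def unsigned_packages_accepted(levels):
    return sorted(r for r, lv in levels.items() if lv["Package"] != "Required")

# Constructed sample; "thirdparty" and its URL are hypothetical.
SAMPLE = """\
[options]
SigLevel = Optional PackageRequired
[core]
Include = /etc/pacman.d/mirrorlist
[thirdparty]
SigLevel = Optional
Server = https://repo.example.invalid/$arch
"""
```

Calling `unsigned_packages_accepted(audit(SAMPLE))` reports only `thirdparty`, whose plain `Optional` puts packages back to optional checking.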