On Mon, Jan 05, 2015 at 04:09:50AM -0500, Daniel Micay wrote:
On 04/01/15 04:05 PM, Christian Hesse wrote:
Hello everybody,
pacman 4.2.0 gained support for verifying source tarballs with kernel.org style signature. Some (even essential) packages could benefit from that, linux and git come to mind.
How to handle this? Report a bug for every package? Provide a list here?
I would create a wiki page with the list and then see if you can find a developer interested in mass-adding the missing signatures. I'd be interested in helping with it for [community], but you'll likely be able to do it yourself soon ;).
In the TODO list mentioned in this thread, community/exim is absent, even though its releases are signed (see e.g. this announcement https://lists.exim.org/lurker/message/20140811.135006.dc48cddf.en.html ). Cheers, -- Leonid Isaev GPG fingerprints: DA92 034D B4A8 EC51 7EA6 20DF 9291 EE8A 043C B8C4 C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D