On Tue, 06 Nov 2012 20:33:20 +0100 Thomas Bächler <thomas@archlinux.org> wrote:
Am 06.11.2012 20:11, schrieb Leonid Isaev:
A bit OT, but anyway... Are there any plans for actually storing *.sig files in the cache alongside the packages? This costs a tiny amount of space, but IMHO will make verification (especially of old packages) much easier.
pacman does not download them, so it cannot store them.
Signatures are contained in the db file.
Yes, but it's only for the current (latest synced) set of packages, and even then I have to parse the desc files and filter the ascii sigs through base64, all outside of pacman which I think does it anyway at the verification stage. Hence my question. For example, I don't mind a performance hit due to regeneration of all binary signatures on the fly. Just an opinion though... -- Leonid Isaev GnuPG key: 0x164B5A6D Fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D