13 Jun
2010
13 Jun
'10
9:48 a.m.
On Sun, 13 Jun 2010 19:48:53 +1000 Allan McRae <allan@archlinux.org> wrote:
This is the reason why we need package signing for Pacman. I'm aware that some progress has been made and it's being worked on. Are there any updates?
Yes... because package signing magically fixes all upstream issues.
Allan
My point was that malicious attackers can add compromise packages to mirrors and alter the repo.db. Package signing would mitigate that. I was attempting to say that what happened in this instance could happen to an Arch mirror or mirrors. There's no need to be rude. Ananda