On Sun, Jun 13, 2010 at 7:46 AM, Xavier Chantry <chantry.xavier@gmail.com> wrote:
On Sun, Jun 13, 2010 at 11:38 AM, Ananda Samaddar <ananda@samaddar.co.uk> wrote:
This is the reason why we need package signing for Pacman. I'm aware that some progress has been made and it's being worked on. Are there any updates?
It's all there: http://projects.archlinux.org/users/allan/pacman.git/log/?h=gpg and there: http://wiki.archlinux.org/index.php/Package_Signing_Proposal_for_Pacman
Come back to us when everything is implemented and working :)
You can also read the last thread: http://mailman.archlinux.org/pipermail/arch-general/2010-April/012897.html And contact Denis A. Altoé Falqueto about pacman-key and all the rest, and maybe Aleksis Jauntēvs too
Basically there is no one leading and coordinating these efforts, just various people who pushed it a bit at random times in the past, and got quickly de-motivated by the lack of interest from everyone else.
Yes, it's basically true. I'm yet a little motivated. I just don't have the time right now to do anything. I think I'll push pacman-key and some other things to the project on gitorious (http://gitorious.org/pacman-pkgsig). It is a fork of the sig branch of Allan's git repository, so that we can test things without the need to have commit rights on Allan's repo.

Anyway, I'm trying to find some time to work on it as soon as possible, but I can't promise anything. This is my first time working with C in a big implementation, so this is another problem to deal with.

And keep in mind that package signing per se will not solve this kind of problem. Repository database signing is more important for that solution, but is a problem in the current workflow of Arch developers.

--
-------------------------------------------
Denis A. Altoe Falqueto
-------------------------------------------