On 03/10/2012 08:12 AM, Kevin Chadwick wrote:
On Mon, 05 Mar 2012 10:42:15 +0100 Florian Pritz wrote:
You should read pacman.conf(5) "PACKAGE AND DATABASE SIGNATURE CHECKING" and use "Optional PackageRequired"
Quick question and I'm guessing the answer will be just to wait and that's fine.
There are just a few packages preventing me from using Required in pacman.conf.
Like scribes and xcb-proto (the testing version is signed so I guess that will migrate).
Just wondering if there is any pacman.conf magic that will tie a signature checking setting to a particaulr package name?
p.s.
I don't know what people use apart from just updating regularly but I've just written a script to look up packages installed with exploits (cves) and also curently in the three main repos for arch. I haven't the time at the mo to make it less crude and generic/ready/fancy for the general public, but if anyone's interested let me know.
I would be interested in seeing the script you wrote for this please. Thanks :)
This is what I found recently.
bugzilla-4.2 flyspray-0.9.9.6 phpldapadmin-1.2.2 wordpress-3.3.1 emacs-23.4 flashplugin-11.1.102.62 glib-1.2.10 mysql-5.5.21 ocaml-3.12.1 tomcat-5.5.34 vlc-2.0.0