[arch-general] Doubt about signed packages. - Arch-general - lists.archlinux.org

newer
[arch-general] Bug 22828 makes me...

[arch-general] Doubt about signed packages.

older
Re: [arch-general]...

Keerthan jai.c

1 Mar 2011 1 Mar '11

7:20 a.m.

Why can't we do this? 1) Keep hashes of {core,extra,community,multilib}.db in plaintext in keys.archlinux.org or something 2) while syncing pacman compares the hashes of the downloaded dbs from the main server ensuring that the packages are not tampered! -- have a nice day -jck

Show replies by date

Ng Oon-Ee

1 Mar 1 Mar

8:18 a.m.

On Tue, 2011-03-01 at 12:50 +0530, Keerthan jai.c wrote:

Why can't we do this?

1) Keep hashes of {core,extra,community,multilib}.db in plaintext in keys.archlinux.org or something 2) while syncing pacman compares the hashes of the downloaded dbs from the main server ensuring that the packages are not tampered!

I suggest you first look at all the prior discussion on the topic. Its not as simple as that.

5045

Age (days ago)

5045

Last active (days ago)

Download

1 comments

2 participants

tags

participants (2)

Keerthan jai.c
Ng Oon-Ee