On Sun, 03 Nov 2013 20:03:41 +1000 Allan McRae <allan@archlinux.org> wrote:
Finally, I think signing databases is far more important than signing packages. The most practical attack on Arch is to become a mirror and hold back package updates with known vulnerabilities. Then you even know the IP addresses of people who have the vulnerable package. DB signing stops this as the entire database needs to be held back and people will notice the lack of updates.
IMO it would also be useful to be able to test checksums of installed binaries to the packages available in the repos. One could possibly even verify the installed packages against another mirror. But in its essence an improved -Qkk could be useful to verify system integrity.

-- Joakim
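The check suggested in the reply above, as an added example that is not part of the thread and is not pacman code: installed files are hashed and compared with the sha256digest entries of an mtree-style manifest such as the .MTREE file inside a package. It assumes the manifest comes from a signature-verified package fetched from a second mirror; the function names and sample data are constructed for illustration.

```python
import hashlib, os, tempfile

def parse_mtree(text):
    """Return {path: sha256 hex} for file entries of an mtree-style manifest."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "/set")):
            continue
        path, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields if "=" in f)
        rel = path[2:] if path.startswith("./") else path
        # Skip directories/links and top-level package metadata such as .PKGINFO.
        if kv.get("type", "file") != "file" or rel.startswith(".") or "sha256digest" not in kv:
            continue
        entries[rel] = kv["sha256digest"].lower()  # octal path escapes not handled here
    return entries

def verify(root, manifest):
    """Compare files under root with the manifest; return {path: 'missing' | 'modified'}."""
    problems = {}
    for rel, expected in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            problems[rel] = "missing"
            continue
        digest = hashlib.sha256()
        with open(full, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        if digest.hexdigest() != expected:
            problems[rel] = "modified"
    return problems

def demo():
    """Build a constructed install root and manifest, tamper with one file, verify."""
    with tempfile.TemporaryDirectory() as root:
        files = {"usr/bin/tool": b"original binary\n", "etc/tool.conf": b"key=value\n"}
        lines = ["#mtree", "/set type=file uid=0 gid=0 mode=644",
                 "./.PKGINFO sha256digest=" + "0" * 64, "./usr type=dir"]
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
            lines.append(f"./{rel} sha256digest={hashlib.sha256(data).hexdigest()}")
        lines.append("./usr/lib/libgone.so sha256digest=" + "0" * 64)
        with open(os.path.join(root, "usr/bin/tool"), "ab") as fh:
            fh.write(b"patched")  # simulate a binary changed after installation
        return verify(root, parse_mtree("\n".join(lines)))
```

The result is only as trustworthy as the manifest and the tools doing the hashing, so such a check is best run from a known-good environment.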