On Wed, Feb 3, 2010 at 7:42 PM, Florian Friesdorf <flo@chaoflow.net> wrote:
On Wed, Feb 03, 2010 at 09:32:12PM +0300, Lex Rivera wrote:
On 03/02/10 19:10, Florian Friesdorf wrote:
What about a peer trust network? Publishing packages on the AUR would involve giving a PGP public key. People sign their PKGBUILDs using their private key. People can define trust relationships towards other people ("I trust this person to write good PKGBUILDs" and "I trust this person's trust in others"). Being a TU would mean being signed by the TU-Authority (or whatever), and trusting the TU authority's trust would mean you can install packages that are created by TUs.
Peer trust network? Isn't that too hard for an ordinary user? Download key, import it, set trust level... If there is some list of "Checked Users", this will be easier and friendlier. But a peer trust net is a nice idea anyway.
yaourt could ship with the TU-Auth's public key, and its default configuration could be to trust packages by people that are signed by the TU-Auth.
Key management should further be integrated into yaourt (or the like).
Yaourt is not supported officially, and it's a buggy and abandoned program at this moment, and it has got a very bad design concept to parse URLs directly, so many people wouldn't like to use it ...

Best Regards,
Laszlo Papp
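
The two kinds of trust in the proposal quoted above (trusting a person's PKGBUILDs versus trusting a person's trust in others) can be modelled as two edge types in a graph. This is an added sketch, not code from any poster in this thread or from yaourt. All names, the depth limit and the function names are assumptions, and the signature itself is assumed to have been verified by a PGP tool beforehand.

```python
from collections import deque

# Constructed sample data; every name below is hypothetical.
# DIRECT[a]: people a trusts to write good PKGBUILDs.
DIRECT = {
    "tu-auth": {"tu-alice", "tu-bob"},   # the TU authority vouches for TUs
    "tu-alice": {"carol"},
    "local-user": {"dave"},
}
# DELEGATED[a]: people whose trust in others a also accepts.
DELEGATED = {
    "local-user": {"tu-auth"},           # the proposed default configuration
}


def trusted_packagers(user, direct, delegated, max_depth=2):
    """Packagers `user` accepts, following at most max_depth delegation hops."""
    accepted = set()
    seen = {user}
    queue = deque([(user, 0)])
    while queue:
        who, depth = queue.popleft()
        # Everyone `who` trusts directly is accepted on who's authority.
        accepted |= direct.get(who, set())
        if depth == max_depth:
            continue  # bound the chain so trust does not spread without limit
        for introducer in delegated.get(who, set()):
            if introducer not in seen:   # also guards against trust cycles
                seen.add(introducer)
                queue.append((introducer, depth + 1))
    return accepted


def may_install(user, signer, signature_valid, direct=DIRECT,
                delegated=DELEGATED):
    """Policy decision; signature_valid is assumed to come from a PGP check."""
    if not signature_valid:
        return False  # an unsigned or tampered PKGBUILD is never installable
    return signer in trusted_packagers(user, direct, delegated)


if __name__ == "__main__":
    for signer in ("tu-alice", "dave", "carol"):
        print(signer, may_install("local-user", signer, True))
```

Here "carol" is rejected even though a TU trusts her PKGBUILDs, because the local user delegates trust only to the TU authority, not to individual TUs.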