[aur-general] FYI: New packages have to be signed
Hi all, as discussed all new packages have to be signed from now on. This mean that if you use a build server you have to download the package to create the signature. Also see https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages A new version of devtools will follow soon. Greetings, Pierre -- Pierre Schmitz, http://pierre-schmitz.com
Just wondering, as a user, does this mean Pacman will now complain if one builds and installs unsigned packages from the AUR? Smartboy On Tue, Nov 1, 2011 at 7:40 AM, Pierre Schmitz <pierre@archlinux.de> wrote:
Hi all,
as discussed all new packages have to be signed from now on. This mean that if you use a build server you have to download the package to create the signature. Also see https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages
A new version of devtools will follow soon.
Greetings,
Pierre
-- Pierre Schmitz, http://pierre-schmitz.com
On 11/01/2011 05:04 PM, Smartboy wrote:
Just wondering, as a user, does this mean Pacman will now complain if one builds and installs unsigned packages from the AUR?
it won't complain because SignLevel is Optional TrustedOnly, which means that it will check if a signature is available. p.s top posting sucks
Smartboy
On Tue, Nov 1, 2011 at 7:40 AM, Pierre Schmitz<pierre@archlinux.de> wrote:
Hi all,
as discussed all new packages have to be signed from now on. This mean that if you use a build server you have to download the package to create the signature. Also see https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages
A new version of devtools will follow soon.
Greetings,
Pierre
-- Pierre Schmitz, http://pierre-schmitz.com
-- Ionuț
Excerpts from Pierre Schmitz's message of 2011-11-01 15:40:53 +0100:
Hi all,
as discussed all new packages have to be signed from now on. This mean that if you use a build server you have to download the package to create the signature. Also see https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages
A new version of devtools will follow soon.
Greetings,
Pierre
Did this go to the right list? Was it only meant for TUs? If neither, please elaborate. Philipp
On Tue, Nov 1, 2011 at 4:04 PM, Smartboy <smartboyathome@gmail.com> wrote:> Just wondering, as a user, does this mean Pacman will now complain if one> builds and installs unsigned packages from the AUR? nope, pacman -U would work the same way.
Smartboy>> On Tue, Nov 1, 2011 at 7:40 AM, Pierre Schmitz <pierre@archlinux.de> wrote:>>> Hi all,>>>> as discussed all new packages have to be signed from now on. This mean>> that if you use a build server you have to download the package to>> create the signature. Also see>> https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages>>>> A new version of devtools will follow soon.>>>> Greetings,>>>> Pierre>>>> -->> Pierre Schmitz, http://pierre-schmitz.com>>>
On Tue, Nov 1, 2011 at 6:53 PM, Philipp Überbacher <hollunder@lavabit.com> wrote:
Excerpts from Pierre Schmitz's message of 2011-11-01 15:40:53 +0100:
Hi all,
as discussed all new packages have to be signed from now on. This mean that if you use a build server you have to download the package to create the signature. Also see https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages
A new version of devtools will follow soon.
Greetings,
Pierre
Did this go to the right list? Was it only meant for TUs? If neither, please elaborate.
Philipp
To: Public mailing list for Arch Linux development> <arch-dev-public@archlinux.org>, "Discussion about the Arch User Repository> (AUR)" <aur-general@archlinux.org> -- Kwpolska <http://kwpolska.tk> stop html mail | always bottom-post www.asciiribbon.org | www.netmeister.org/news/learn2quote.html GPG KEY: 5EAAEA16 | Arch Linux x86_64, zsh, mutt, vim. # vim:set textwidth=70:
Am 01.11.2011 19:05, schrieb Kwpolska:
On Tue, Nov 1, 2011 at 4:04 PM, Smartboy <smartboyathome@gmail.com> wrote:> Just wondering, as a user, does this mean Pacman will now complain if one> builds and installs unsigned packages from the AUR?
The default SigLevel is "Optional" for now. This should be changed to "PackageRequired" or "Required" IMO, but then you can't install unsigned packages with pacman -U any more. Maybe pacman -U --no-signature should exist.
On 01/11/11 18:53, Philipp Überbacher wrote:
Excerpts from Pierre Schmitz's message of 2011-11-01 15:40:53 +0100:
Hi all,
as discussed all new packages have to be signed from now on. This mean that if you use a build server you have to download the package to create the signature. Also see https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages
A new version of devtools will follow soon.
Greetings,
Pierre
Did this go to the right list? Was it only meant for TUs? If neither, please elaborate.
Philipp
Yes this is only for TU's -- Jelle van der Waa
Alright, disregard my reply. Sorry. ^^; Smartboy
participants (7)
-
Ionut Biru
-
Jelle van der Waa
-
Kwpolska
-
Philipp Überbacher
-
Pierre Schmitz
-
Smartboy
-
Thomas Bächler