On Friday 07 May 2010 04:10:44 Denis A. Altoé Falqueto wrote:
On Thu, May 6, 2010 at 12:57 AM, Denis A. Altoé Falqueto
<denisfalqueto@gmail.com> wrote:
I will test more use cases (like signing a third party key and importing it in pacman's keyring to see if gpg will compute the right trust level).
This pastebin is the current development for pacman-key. Still needs some more testing.
I did some very basic testing and it looks like it is working ok. Still thinking further - if the signatures are updated with pacman-keyring package, what if user doesn't update often and skips one or more versions of this package? Does this means that user still will have some unremoved signatures in his pacman keyring? Correct me if I understand this wrong. And other question, if some developers key becomes invalid, how to deal with all packages in the repos signed with this signature? -- Aleksis Jauntēvs