-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Mon, 21 Sep 2020, Allan McRae wrote:
On 21/9/20 3:51 pm, Andrew Gregory wrote:
I would suggest just allowing the user to specify either way (--include-sigs/--no-include-sigs, --include-sigs={yes,no}, etc). Then uses can specify whatever they want without having to worry about what we set as a default.
The problem is more the transition. I would like the default to be not to include the signatures in the repo database. So does pacman need to manage the transition from having signatures in a database to not, or do the users need to manage that?
With my patch (or any variant the does not include signatures by default), users upgrading to repo-add v6.0 would need to adjust their repo management utilities to add a signature include option immediately, as their users may still be using pacman-5.x.
How about adding the options --include-sigs and --no-include-sigs now without changing the default behaviour? Then, everyone could adopt their scripts to include that option. Afterwards, pacman v6.0 can change the default to not include signatures without breaking setups. I believe, this is, what Andrew meant, anyways.
Thinking of Arch here, a dbscripts update would need launched on the server at the same time as updating repo-add. I am OK with that - some updates need done in concert. But Eli was not.
Allan
regards, Erich -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl9oVAwACgkQCu7JB1Xa e1pLAw/+O8DrpZIKDuiUAtu+jTeovJnheLvNWEErYtJDtddXnYZhqotvdCZA5Ycl gdVBLejDwVfWraMQYBljfY85aUstJyIwEnQz6nmpKM1ywwIpJEdBZPdzW7BPQpiJ aPg9+GWJNKKj/IrfTCc0hNVrJuYQ2lPCchZfsAZLv3VSPj18BQNr1m7j4uzSjrPe hGzeRJBflUXV8QgrMBxF9UN4W25hQojnZ1SA88Dz8xoLzm7ffG5Fa6DlXgVXf8zb pqu9li949uL3W8teeZKn6b1Va8g3CxT30aZ96qI1Mzsmx8SuK1BGrbDek5OiD0r8 gqDhvCvV4McvcrTPK4cWZgWcnbEtBbU+mgk/mKNg9xleUqGo0dxVna6IIJ3W5jwL Mk7f72CAFxOMSJ4UwVIAgMXUlOQOFIZ7mtEtzWeYNPB5TA9qY+VS6aXKNdz0hzwP rCWwvYm2nJ18N2LqyUgfZ5jVnzOUg716c7H92k+45KdD/cQC6JS83zXuzQrauOan jVZTDzqSPDLfFzT71W8nsXnLlRCX12vfBP0fCOIHjB0WJz7g7B5hnFh7nmIIYwcC Dus7V8zvhGtSfFNTq973kE0Mfd/IFjSisNwtR+4G34EefkmjbEaoPH7ytCjA6lxl urGuaHejq9vdzmuwDj6An+9Io4vJVaAEI3R9IBk3dEu2naJPeGI= =iaM7 -----END PGP SIGNATURE-----