On 05/17/2011 11:57 AM, Dark Byte wrote:
Hello dear pacman developer mailing list readers.
Right now my favourite distribution for a lot of cases would be Arch, but i have concerns about security as there (right now) is no package signing mechanism established in pacman. I've been asking in the #archlinux IRC channel and goit pointed here. Could someone give me any further information about the ongoing process of implementing package signing mechanism in pacman? Thanks a lot.
Yours sincerely,
- Armin
It's a work in progress. It's not an easy task to implement the pkg signing infrastructure. You could look at the devtools and pacman git repo and the wiki https://wiki.archlinux.org/index.php/Package_Signing_Proposal_for_Pacman https://wiki.archlinux.org/index.php/Pacman_Roadmap Althought i don't know how up to date the pages are. -- Jelle van der Waa