Hi Allan
As far as I am concerned, the major points on the TODO list that need patches are the first five for pacman:
TODO: fix (and refactor) reading signatures for packages installed with -U TODO: have a way to force a signature check with -U (i.e. abort if no signature is found) TODO: only replace old database when signature is valid TODO: output when downloading signature file - name when downloaded TODO: output when downloading signature file - "error" when not available
I have a patch for the third point. Can you please clarify the last two points? Do you think the output is too verbose (two download progress bars with the same name etc, and two error messages in case of error)?
The other issues are all fairly minor (and the pacman-key/makepkg ones mostly have patches that just need revised already).
I took a look on the other patches. I agree that these need only reviewing and merging.
So if patches are submitted for those five points, and any criticism followed up, I will commit to then spending the time doing the needed tidying/rebasing of the code on my gpg branch to have it suitable for merging.
Sounds good. Daniel