21 May
2011
21 May
'11
6:29 a.m.
On 21/05/11 16:14, Allan McRae wrote:
All this is off-topic for this list as pacman will not care how packages and repos are signed. It will just verify whether the package/repo can be validated using the keychain it is provided.
Just to clarify, I do see how the keychain is managed by a distribution as an important issue to be discussed. However, it is also the most political issue in this package signing business and discussing it on this list just ends up derailing discussion on actual pacman development. This is why it needs to be kept completely separate from discussions about implementing signature verification work in pacman. Allan