On 2011/5/21 Kerrick Staley <mail@kerrickstaley.com> wrote:
Note that how Arch will deal with signing in their repos is being finalised elsewhere, but to reiterate, that has nothing to do with the pacman implementation. Where?
This is why it needs to be kept completely separate from discussions about implementing signature verification work in pacman. Eh? pacman-dev is the most relevant list I've found for discussion of this issue. The key-signing mechanism in pacman (in particular, its ease-of-use) has a direct impact on its adoption, and the two conversations should not be separated.
Hello Kerrick, There is no such key-signing mechanism in pacman, and there no plan to have such a thing. Keys are signed using the standard GPG utilities and are completely up to the packagers and repository admins. Details about the implementation chosen by Archlinux can be discussed on arch-general@archlinux.org. You may also find discussions in archives of arch-dev-public@archlinux.org. Rémy.