On Thu, Dec 18, 2008 at 7:02 AM, Gerhard Brauer <gerbra@archlinux.de> wrote:
Am Wed, 17 Dec 2008 18:22:36 +0530 schrieb Jatheendra <jatheendra@gmail.com>:
A patch for adding VerifySignature options in pacman.conf
From your other mail:
These patches will add VerifySig option to pacman.conf. VerifySig takes options Always, Optional or Never
[repo-name] Server = ServerName VerifySig = Always Include = IncludePath ------------
I've not tested your patch (today evening maybe), but i am not very happy with this triple state. If i choose to use a repo which offers signed packages then i want the "full program", so if something wrong with one package i don't want it get installed/upgraded. And if i have a repo without signing then i don't put the option in the repo section of pacman.conf.
I think "Optional" makes sense in some cases. Let's take the community repo, where things tend to be a hodge-podge of ideas and attitudes. I can imagine half the packages being signed, some being unsigned, and some being signed by keys not in the keyring. That is an edge case though...