31 Jul
2011
31 Jul
'11
3:15 a.m.
I was thinking of how we currently check package validity and had planned to do something like: 1) signature check 2) md5sum check _only_ if no signature to check with the intention of adding an sha256sum check in the middle in the future (perhaps only if pacman is built using openssl to save us having to provide the routines...). But as far as I can tell, _alpm_check_pgp_helper does not allow you to distinguish between a successful signature check and the case where no signature is available and signature checking is not required. Is that correct or am I missing something? Allan