On 2011/6/1 Kerrick Staley <mail@kerrickstaley.com> wrote:
> > tl;dr. You seem to have issues separating what happens here on pacman-dev from what happens in Arch Linux. Although the majority of pacman's userbase _is_ indeed Arch Linux, we maintain portability to OSX, cygwin, and the BSDs. Anything to do with Arch Linux packages _specifically_ has no effect on our ability to roll out a new release of pacman.
>
> Security is a system, not a line of code, and other distributions will need to implement a secure system if they want to use pacman as their package manager. Hence, broader discussion about the implementation of signing should take place on this list; anything specific to Arch can be generalized to other distributions. You're correct in that we don't have to wait on the infrastructure to ship an updated pacman, but I'm personally only interested in achieving a working implementation of package signing on Arch Linux, and so I will frame my discussion appropriately. Perhaps I could have clarified that "Blocking" and "Non-Blocking" are relative to this goal.

Hello Kerrick,

As you say, pacman is not a system, just lines of code, it provides tools to use gpg as a security system, and any system discussions go to arch-general@archlinux.org. Few Archlinux developers, as far as I know, read the pacman-dev mailing-list.

Rémy.