On 31/01/11 09:23, Daniel Mendler wrote:
And another topic: I have seen that Allan is working on gpg-support. How far is this from deployment?
Not all that far, but far enough that I very much doubt it will make a 3.5 release. Also, there has been no work on this by me (or anyone...) in the last few months. This is the current branch which I rebase on master ever so often: http://projects.archlinux.org/users/allan/pacman.git/log/?h=gpg I ran that branch for a while with a signed repo and it worked. There were obvious issues in terms of the output being awful and some bugs/missing features but it mostly works. This TODO is fairly up-to-date and complete: https://wiki.archlinux.org/index.php/User:Allan/Package_Signing I think that the pacman-key, makepkg, and repo-add TODOs could be knocked off by someone sitting down for a few hours and making a decent attack at them. Especially given some sort of patch is already available for most of it. The output and database update issues in pacman are probably the biggest blockers here. That is an area I would be very, very happy to receive patches for... Allan