On 2011/4/11 Dan McGee <dpmcgee@gmail.com> wrote:
On Sun, Apr 10, 2011 at 6:37 AM, Rémy Oudompheng <remyoudompheng@gmail.com> wrote:
These patches (partially already submitted before) make linking with gpgme optional, and also implement a configuration option for pacman to use an external tool for signature checking. The given example is "gpg --verify - $filename", but "/bin/true" could be used to totally bypass checking.
You totally misread my TODO item, sorry, and I never intended someone else to do this one but put it on the list in trying to be open about things. :/
I meant nothing about letting an external tool validate signatures; as a matter of fact I am highly against this. I only wanted gpgme and signature checking to be an option that could be omitted when compiling, for instance if someone decided to use this to manage custom packages elsewhere with no intent of sharing publicly, or another OS where gpg is not so readily available.
Gah I read "like we do with our download code" which looked exactly like I thought. However, I may understand that you don't want to merge this, even if I found the idea interesting. -- Rémy.