On 20/02/11 10:36, Daniel Mendler wrote:
I think this should also go to a much more technical level. We have the gpg tree in Allan's repository. As I said, I tested it with a repository and got it to work. So can you tell me what you need until this can be merged into master?
1. Design a strategy to manage the keyrings and adapt the tools to it
2. Patches for the issues on the Package Signing Wiki Page
3. Patches to db-scripts to manage the database with gpg signatures
Some of the issues on the wiki page are really minor (e.g. rename option). There are more complex ones (replacing verified db with unverified one, reworking the signature checking code when using pacman -U). And there are already patches for some of the issues.
So what do you say about the code quality of the branch? Is it acceptable at this point or is there improvement needed? Are there other blockers preventing you from merging it as soon as the points above are solved?
As far as I am concerned, the major points on the TODO list that need patches are the first five for pacman:

TODO: fix (and refactor) reading signatures for packages installed with -U
TODO: have a way to force a signature check with -U (i.e. abort if no signature is found)
TODO: only replace old database when signature is valid
TODO: output when downloading signature file - name when downloaded
TODO: output when downloading signature file - "error" when not available

The other issues are all fairly minor (and the pacman-key/makepkg ones mostly have patches that just need revised already). So if patches are submitted for those five points, and any criticism followed up, I will commit to then spending the time doing the needed tidying/rebasing of the code on my gpg branch to have it suitable for merging.

Allan