On 9/2/20 11:02 PM, Allan McRae wrote:
> Pacman now downloads the signature files for all packages when present in a repository. That makes distributing signatures within repository databases redundant and costly.
>
> Do not distribute the package signature files within the repo databases by default and add an --include-sigs to revert to the old behaviour.
As I've mentioned on the list before, I would like an --ignore-sigs option and continue to distribute sigs by default for pacman 6.0.

In pacman 6.1 we'll switch by default to ignoring them, and let people use --include-sigs to revert to the old behavior.

Ignoring sigs right out of the gate means the default behavior of repo-add is to be unusable for people upgrading from pacman N-1. For example, Arch Linux would most certainly need to use the option to provide backwards compat while upgrading. So do third-party repositories.

Also: this option cannot be added to scripts ahead of time, since repo-add will error on an unknown option, and it cannot be added after the fact, since some packages will be broken in the meantime.

I don't see what the rush is here to add behavior that no one will want to use.

- It makes sense to make this configurable now that it's useful to be able to ignore them.
- At the same time, defaults should be based on what is more likely for people to want.

-- 
Eli Schwartz
Bug Wrangler and Trusted User