On Sat, 2011-02-19 at 20:05 +0100, Alf Gaida wrote:
Yeah! Archers deserve to die!
But really I'm not convinced by this hyper-paranoia trash. There will always be ways to compromise your machine. Someone who would go through the trouble of setting up a proxy mirror and injecting malicious code into seemingly normal packages is probably going to find other ways. Package signing will not protect you.
You will never be safe. The truth is out there. This is opensource - if you would create real trouble, just help with kernel-modules. ;) The only difference is, in other distributions these errors came through your system signed.
Why hacking, when simple development is so easy?
I don't understand what you are saying, but in short: you can't force Allan / any pacman-dev to create package signing for pacman. If you really want to get this feature into pacman/archlinux (dbscripts etc. need to be redone too):
- read the code
- add patches
- wait for devs to sign them off

On a side note: http://media.ccc.de/browse/congress/2010/27c3-4295-en-high_speed_high_securi...

--
Jelle van der Waa