On Tue, May 17, 2011 at 6:06 AM, Jelle van der Waa <jelle@vdwaa.nl> wrote:
On 05/17/2011 11:57 AM, Dark Byte wrote:
Hello dear pacman developer mailing list readers.
Right now my favourite distribution for a lot of cases would be Arch, but I have concerns about security as there (right now) is no package signing mechanism established in pacman. I've been asking in the #archlinux IRC channel and got pointed here. Could someone give me any further information about the ongoing process of implementing a package signing mechanism in pacman? Thanks a lot.
Yours sincerely,
- Armin
It's a work in progress. It's not an easy task to implement the pkg signing infrastructure. You could look at the devtools and pacman git repo and the wiki:
https://wiki.archlinux.org/index.php/Package_Signing_Proposal_for_Pacman
https://wiki.archlinux.org/index.php/Pacman_Roadmap
Although I don't know how up to date the pages are.
This is the more focused page of actual steps we still have to take to get things going:
https://wiki.archlinux.org/index.php/User:Allan/Package_Signing
-Dan