On Tue, Aug 25, 2009 at 12:19 AM, Allan McRae<allan@archlinux.org> wrote:
Xavier wrote:
Just to let you know that I resurrected the gpg branch there : http://code.toofishes.net/cgit/xavier/pacman.git/log/?h=gpg
I took Dan's newgpg branch (with a few changes) : http://code.toofishes.net/cgit/dan/pacman.git/commit/?h=newgpg then merged the pending patches we had : http://archlinux.org/pipermail/pacman-dev/2008-December/007808.html http://archlinux.org/pipermail/pacman-dev/2008-December/007836.html http://archlinux.org/pipermail/pacman-dev/2008-December/007837.html and rebased it all on master.
Actually I don't see what else needs to be done on the implementation side, it looks almost complete to me.
Now the big remaining problem is everything related to key administration still needs to be figured out, and this is critical in term of security. But it might not need additional tool support.
So... how about we set up a small signed package repo somewhere and just see how this all goes? We are not going to know all the issues until we actually use it.
That's probably a good idea. I wish some people who actually knew how to use gnupg a bit could help though :)