On 01/11/16 06:36, Travis Burtrum wrote:
From abb057844eec0e5707c31b643d0f2187b4cf0eb6 Mon Sep 17 00:00:00 2001 From: Travis Burtrum <travis.archlinux@burtrum.org> Date: Mon, 31 Oct 2016 02:12:31 -0400 Subject: [PATCH] Add per-repo PinnedPubKey option
This sets curl's CURLOPT_PINNEDPUBLICKEY option in the built-in downloader, or replaces %p in XferCommand. This pins public keys to ensure your TLS connection is not man-in-the-middled without relying on CAs etc. Probably most useful currently for very small groups or single servers.
It would obviously be best as a per-mirror option, but such a thing currently does not exist.
I agree that this is a per mirror option. It is too out of place as a per repository setting (except maybe when there is only a single sever providing a repo). So I will not accept this patch. Allan