On Sun, Apr 10, 2011 at 6:37 AM, Rémy Oudompheng <remyoudompheng@gmail.com> wrote:
These patches (partially already submitted before) make linking with gpgme optional, and also implement a configuration option for pacman to use an external tool for signature checking. The given example is "gpg --verify - $filename", but "/bin/true" could be used to totally bypass checking.
You totally misread my TODO item, sorry, and I never intended someone else to do this one but put it on the list in trying to be open about things. :/ I meant nothing about letting an external tool validate signatures; as a matter of fact I am highly against this. I only wanted gpgme and signature checking to be an option that could be omitted when compiling, for instance if someone decided to use this to manage custom packages elsewhere with no intent of sharing publicly, or another OS where gpg is not so readily available. So I will take a look at the first half, but the second half will not be going anywhere. -Dan