On 04/02/11 11:41, Denis A. AltoƩ Falqueto wrote:
Hi, Allan and friends :)
I'm working on the items of the todo list [1] for package signing and have a question with the item of the subject of this email.
Basically, what should be the list of accepted keys? The keys in pacman's keyring? Probably yes, isn't it? So the signature is made with a key from user's keyring (be it the default or one passed as parameter) and the verifying should be made with pacman's keyring?
Just asking to be sure.
[1] https://wiki.archlinux.org/index.php/User:Allan/Package_Signing
Essentially I am not so sure myself! This TODO came from a note in the "repo-add: add -v/--verify option" commit message. But in the end, I would think the pacman keyring should be used for verification here as separation from the users keyring is probably preferable. Allan