Hey, I know that package signing is not a favorite topic, but as its implemented, the world should know, which packages are signed for the time where unsigned and signed packages reside next to each other. Maybe also more people will "complain" to the devs about not-yet signed packages. This fancy one-liner is just an idea, maybe the printf should go to the place, where pacman checks, if the package has a signature and complain there. Or while installing packages, a little * could appear for signed packages. Ideas? -robert
From 648c0ecf65d3cc34559fecbb93b67d572fb1f9c5 Mon Sep 17 00:00:00 2001 From: robert <r.evert_AT_tu-bs.de> Date: Tue, 1 Nov 2011 20:41:25 +0100 Subject: [PATCH] - Add some kind of user feedback about package signing
--- lib/libalpm/signing.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index 92f34b5..9928fc0 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -665,6 +665,7 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, switch(siglist->results[num].validity) { case ALPM_SIGVALIDITY_FULL: _alpm_log(handle, ALPM_LOG_DEBUG, "signature is fully trusted\n"); + printf(_("Package signature for %s is valid.\n"), path); break; case ALPM_SIGVALIDITY_MARGINAL: _alpm_log(handle, ALPM_LOG_DEBUG, "signature is marginal trust\n");