[pacman-dev] [Package Signing] [repo-add] Check signature used to verify is not only good but is also in a list of accepted keys
Hi, Allan and friends :) I'm working on the items of the todo list [1] for package signing and have a question with the item of the subject of this email. Basically, what should be the list of accepted keys? The keys in pacman's keyring? Probably yes, isn't it? So the signature is made with a key from user's keyring (be it the default or one passed as parameter) and the verifying should be made with pacman's keyring? Just asking to be sure. [1] https://wiki.archlinux.org/index.php/User:Allan/Package_Signing -- ------------------------------------------- Denis A. Altoe Falqueto Linux user #524555 -------------------------------------------
On 04/02/11 11:41, Denis A. Altoé Falqueto wrote:
Hi, Allan and friends :)
I'm working on the items of the todo list [1] for package signing and have a question with the item of the subject of this email.
Basically, what should be the list of accepted keys? The keys in pacman's keyring? Probably yes, isn't it? So the signature is made with a key from user's keyring (be it the default or one passed as parameter) and the verifying should be made with pacman's keyring?
Just asking to be sure.
[1] https://wiki.archlinux.org/index.php/User:Allan/Package_Signing
Essentially I am not so sure myself! This TODO came from a note in the "repo-add: add -v/--verify option" commit message. But in the end, I would think the pacman keyring should be used for verification here as separation from the users keyring is probably preferable. Allan
On Fri, Feb 4, 2011 at 12:10 AM, Allan McRae <allan@archlinux.org> wrote:
Essentially I am not so sure myself!
This TODO came from a note in the "repo-add: add -v/--verify option" commit message. But in the end, I would think the pacman keyring should be used for verification here as separation from the users keyring is probably preferable.
Fine, I'll implement it and we can discuss it further when I submit the patches. Thanks! -- A: Because it obfuscates the reading. Q: Why is top posting so bad? ------------------------------------------- Denis A. Altoe Falqueto Linux user #524555 -------------------------------------------
participants (2)
-
Allan McRae
-
Denis A. Altoé Falqueto