[pacman-dev] Fwd: Pacman Config File (SigLevel)
----- Forwarded message from Ingenieria Informatica <heyom.student@gmail.com> -----
Date: Tue, 5 Nov 2013 22:40:18 +0100 From: Ingenieria Informatica <heyom.student@gmail.com> To: dreisner@archlinux.org, dan@archlinux.org, allan@archlinux.org Subject: Pacman Config File (SigLevel)
Hello, my name is Hamoud and I have a small question:
According to pacman.conf:
[options]
# By default, pacman accepts packages signed by keys that its local keyring # trusts (see pacman-key and its man page), as well as unsigned packages. SigLevel = Required TrustedOnly LocalFileSigLevel = Required TrustedOnly
I understand from the above that signatures will be required from both packages & databases AND If a signature is checked, it must be in the keyring and fully trusted; marginal trust does not meet this criteria.
Is that a valid configuration? because I only want to modify the option section as a default control of my packages/databases. I need to harden my system as much as possible specially with signature check (paranoid mode hehe)
Thank you very much in advance. :)
-- Regards
----- End forwarded message -----
On 06/11/13 07:50, Dave Reisner wrote:
----- Forwarded message from Ingenieria Informatica <heyom.student@gmail.com> -----
Date: Tue, 5 Nov 2013 22:40:18 +0100 From: Ingenieria Informatica <heyom.student@gmail.com> To: dreisner@archlinux.org, dan@archlinux.org, allan@archlinux.org Subject: Pacman Config File (SigLevel)
Hello, my name is Hamoud and I have a small question:
According to pacman.conf:
[options]
# By default, pacman accepts packages signed by keys that its local keyring # trusts (see pacman-key and its man page), as well as unsigned packages. SigLevel = Required TrustedOnly LocalFileSigLevel = Required TrustedOnly
I understand from the above that signatures will be required from both packages & databases AND If a signature is checked, it must be in the keyring and fully trusted; marginal trust does not meet this criteria.
Is that a valid configuration? because I only want to modify the option section as a default control of my packages/databases. I need to harden my system as much as possible specially with signature check (paranoid mode hehe)
Thank you very much in advance. :)
Please do not send support emails directly to us. You are better asking on public mailing lists and forums if you expect answers. As to your question "Is that a valid configuration?". The answer is yes - perfectly valid. But it will not work on any distribution using pacman that I know of. Allan
participants (2)
-
Allan McRae
-
Dave Reisner