[pacman-dev] Package signing in pacman
Hello dear pacman developer mailing list readers. Right now my favourite distribution for a lot of cases would be Arch, but i have concerns about security as there (right now) is no package signing mechanism established in pacman. I've been asking in the #archlinux IRC channel and goit pointed here. Could someone give me any further information about the ongoing process of implementing package signing mechanism in pacman? Thanks a lot. Yours sincerely, - Armin
On 05/17/2011 11:57 AM, Dark Byte wrote:
Hello dear pacman developer mailing list readers.
Right now my favourite distribution for a lot of cases would be Arch, but i have concerns about security as there (right now) is no package signing mechanism established in pacman. I've been asking in the #archlinux IRC channel and goit pointed here. Could someone give me any further information about the ongoing process of implementing package signing mechanism in pacman? Thanks a lot.
Yours sincerely,
- Armin
It's a work in progress. It's not an easy task to implement the pkg signing infrastructure. You could look at the devtools and pacman git repo and the wiki https://wiki.archlinux.org/index.php/Package_Signing_Proposal_for_Pacman https://wiki.archlinux.org/index.php/Pacman_Roadmap Althought i don't know how up to date the pages are. -- Jelle van der Waa
On Tue, May 17, 2011 at 6:06 AM, Jelle van der Waa <jelle@vdwaa.nl> wrote:
On 05/17/2011 11:57 AM, Dark Byte wrote:
Hello dear pacman developer mailing list readers.
Right now my favourite distribution for a lot of cases would be Arch, but i have concerns about security as there (right now) is no package signing mechanism established in pacman. I've been asking in the #archlinux IRC channel and goit pointed here. Could someone give me any further information about the ongoing process of implementing package signing mechanism in pacman? Thanks a lot.
Yours sincerely,
- Armin
It's a work in progress. It's not an easy task to implement the pkg signing infrastructure. You could look at the devtools and pacman git repo and the wiki https://wiki.archlinux.org/index.php/Package_Signing_Proposal_for_Pacman https://wiki.archlinux.org/index.php/Pacman_Roadmap
Althought i don't know how up to date the pages are.
This is the more focused page of actual steps we still have to take to get things going: https://wiki.archlinux.org/index.php/User:Allan/Package_Signing -Dan
On Tue, May 17, 2011 at 11:57:52AM +0200, Dark Byte wrote:
Hello dear pacman developer mailing list readers.
Right now my favourite distribution for a lot of cases would be Arch, but i have concerns about security as there (right now) is no package signing mechanism established in pacman. I've been asking in the #archlinux IRC channel and goit pointed here. Could someone give me any further information about the ongoing process of implementing package signing mechanism in pacman? Thanks a lot.
Yours sincerely,
- Armin
It's under development. To be honest a lot of Arch users are tired of this discussion popping up. If you want it to show up sooner, then you could help by submitting patches of your own to the pacman developers. It'll get here when it gets here.
participants (4)
-
Dan McGee
-
Dark Byte
-
Jelle van der Waa
-
yaro@marupa.net