[arch-dev-public] Finalizing the package signing process
pierre at archlinux.de
Sun Oct 30 09:12:20 EDT 2011
it's about time to finalize our signing policy to get all our packages
properly signed as soon as possible. Note that this is just about
signing the package itself. How we will manage our keyring and sign that
one using master keys is a different story.
At first please have a look at
let me know if there is anything wrong or unclear. I would like to
present this little Howto to the TU so that community packages can be
signed as well.
To speed things up I'd like to let dbscripts enforce signed packages.
This means that from now on no new packages can be uploaded that don't
have a signature. We may give the TU a ew days mroe time as this will be
new to them.
If you just agree with all this send a +1.
Pierre Schmitz, http://pierre-schmitz.com
More information about the arch-dev-public