[arch-dev-public] Finalizing the package signing process

Pierre Schmitz pierre at archlinux.de
Sun Oct 30 09:12:20 EDT 2011

Hi all,

it's about time to finalize our signing policy to get all our packages
properly signed as soon as possible. Note that this is just about
signing the package itself. How we will manage our keyring and sign that
one using master keys is a different story.

At first please have a look at
https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages and
let me know if there is anything wrong or unclear. I would like to
present this little Howto to the TU so that community packages can be
signed as well.

To speed things up I'd like to let dbscripts enforce signed packages.
This means that from now on no new packages can be uploaded that don't
have a signature. We may give the TU a ew days mroe time as this will be
new to them.

If you just agree with all this send a +1.



Pierre Schmitz, http://pierre-schmitz.com

More information about the arch-dev-public mailing list