[arch-dev-public] Finalizing the package signing process
Tom Gundersen
teg at jklm.no
Sun Oct 30 09:27:08 EDT 2011
On Sunday 30 October 2011 14:12:20 Pierre Schmitz wrote:
> Hi all,
>
> it's about time to finalize our signing policy to get all our packages
> properly signed as soon as possible. Note that this is just about
> signing the package itself. How we will manage our keyring and sign that
> one using master keys is a different story.
>
> At first please have a look at
> https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages and
> let me know if there is anything wrong or unclear. I would like to
> present this little Howto to the TU so that community packages can be
> signed as well.
>
> To speed things up I'd like to let dbscripts enforce signed packages.
> This means that from now on no new packages can be uploaded that don't
> have a signature. We may give the TU a ew days mroe time as this will be
> new to them.
>
> If you just agree with all this send a +1.
+1 to enforce signed packages. This has been discussed for months and creating
a key takes only a few seconds.
-t
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20111030/a7110ba0/attachment.asc>
More information about the arch-dev-public
mailing list