[arch-dev-public] Finalizing the package signing process

Daniel Isenmann daniel.isenmann at gmx.de
Sun Oct 30 13:56:18 EDT 2011


On Sun, 30 Oct 2011 14:12:20 +0100
Pierre Schmitz <pierre at archlinux.de> wrote:

> Hi all,
> 
> it's about time to finalize our signing policy to get all our packages
> properly signed as soon as possible. Note that this is just about
> signing the package itself. How we will manage our keyring and sign
> that one using master keys is a different story.
> 
> At first please have a look at
> https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages
> and let me know if there is anything wrong or unclear. I would like to
> present this little Howto to the TU so that community packages can be
> signed as well.
> 
> To speed things up I'd like to let dbscripts enforce signed packages.
> This means that from now on no new packages can be uploaded that don't
> have a signature. We may give the TU a few days more time as this will
> be new to them.
> 
> If you just agree with all this send a +1.
> 
> Greetings,
> 
> Pierre
> 

I'm building my packages exclusively on pkgbuild.com and there I can't
sign packages. If we do the switch in dbscripts then pkgbuild.com
should be ready to generate signed packages. As far as I know it isn't
possible yet, am I right?

Otherwise I would say +1, but for now -1.

Daniel

