[arch-dev-public] Use detached package signatures by default
allan at archlinux.org
Thu Jul 9 03:22:11 UTC 2020
On 9/7/20 1:05 pm, Anatol Pomozov wrote:
> Given this information I would like to propose to stop using embedded
> signatures and move to detached signatures by default. This will
> require pacman 6.x or as an alternative backport the fix(es) to 5.x
> branch. It will help to make system updates even faster, something
> that me and many other Arch users really love.

There are several steps we need to complete:
1) backport the patch (or wait for pacman-6.0, which may be a while
yet). I'll leave that to the distro packagers to decide!
2) adjust repo-add to optionally add signatures.
3) make a timeline that all users need to have the patched/released
pacman installed - we usually require at least 6 months.
4) turn off signature inclusion in repo dbs.