[arch-dev-public] Use detached package signatures by default

Allan McRae allan at archlinux.org
Thu Jul 9 03:22:11 UTC 2020

On 9/7/20 1:05 pm, Anatol Pomozov wrote:
> Given this information I would like to propose to stop using embedded
> signatures and move to detached signatures by default. This will
> require pacman 6.x or as an alternative backport the fix(es) to 5.x
> branch. It will help to make system updates even faster, something
> that me and many other Arch users really love.

There are several steps we need to complete:

1) backport the patch (or wait for pacman-6.0, which may be a while
yet).  I'll leave that to the distro packagers to decide!

2) adjust repo-add to optionally add signatures.

3) make a timeline that all users need to have the patched/released
pacman installed - we usually require at least 6 months.

4) turn off signature inclusion in repo dbs.

