[arch-general] [arch-dev-public] Can we trust our mirrors?
Daenyth Blank
daenyth+arch at gmail.com
Sun Nov 30 07:06:09 EST 2008
On Sun, Nov 30, 2008 at 06:56, solsTiCe d'Hiver
<solstice.dhiver at gmail.com> wrote:
> i like the original idea of pierre. i had the same one ;-)
>
> because it's easier to implement and could be done quite quickly. it's
> quite time to shift to something a little more secure, even if it's not
> the *most* secure one.
> as soon the db is signed, we have a minimum security (not total i know,
> i read about the exploit in this thread)
>
> package signing could be a second step as it will take even longer to
> complete (more work to be done in pacman and more things to agree upon)
>
> in fact, i suggest a two steps approach.
>
I agree. We can talk until we're blue in the face about the "ideal"
way to do it, but it doesn't mean a thing if it's not implemented.
Let's get *something* done, even if it's not ideal.
More information about the arch-general
mailing list