[arch-general] Doubt about signed packages.

Keerthan jai.c jckeerthan at gmail.com
Tue Mar 1 02:20:08 EST 2011

Why can't we do this?

1) Keep hashes of {core,extra,community,multilib}.db in plaintext in
keys.archlinux.org or something
2) while syncing pacman compares the hashes of the downloaded dbs from the
main server ensuring that the packages are not tampered!

have a nice day

More information about the arch-general mailing list