[arch-general] Doubt about signed packages.
Ng Oon-Ee
ngoonee at gmail.com
Tue Mar 1 03:18:16 EST 2011
On Tue, 2011-03-01 at 12:50 +0530, Keerthan jai.c wrote:
> Why can't we do this?
>
> 1) Keep hashes of {core,extra,community,multilib}.db in plaintext in
> keys.archlinux.org or something
> 2) while syncing pacman compares the hashes of the downloaded dbs from the
> main server ensuring that the packages are not tampered!
>
I suggest you first look at all the prior discussion on the topic. Its
not as simple as that.
More information about the arch-general
mailing list