[arch-general] Doubt about signed packages.

Ng Oon-Ee ngoonee at gmail.com
Tue Mar 1 03:18:16 EST 2011

On Tue, 2011-03-01 at 12:50 +0530, Keerthan jai.c wrote:
> Why can't we do this?
> 1) Keep hashes of {core,extra,community,multilib}.db in plaintext in
> keys.archlinux.org or something
> 2) while syncing pacman compares the hashes of the downloaded dbs from the
> main server ensuring that the packages are not tampered!
I suggest you first look at all the prior discussion on the topic. Its
not as simple as that.

More information about the arch-general mailing list