[arch-general] unoffical package signing

keenerd keenerd at gmail.com
Fri Mar 18 10:24:51 EDT 2011

So, I've decided to unofficially start signing my packages.  We don't
need pacman or namcap or support from other tools.  Here is how it

gpg --detach-sign foo.pkg.tar.xz
scp foo.pkg.tar.xz.sig pkgbuild.com:~/public_html/sigs/

That is it.  Mine are at
Of course I only have one package to sign at the moment, but 0.02%
coverage is better than none ;-)

If you think this is a good idea, sign your packages too.  (And share
the link please.)


More information about the arch-general mailing list