[arch-general] Pacman makepkg and signatures
Denis A. Altoé Falqueto
denisfalqueto at gmail.com
Tue Oct 25 10:10:50 EDT 2011
On Tue, Oct 25, 2011 at 11:15 AM, Steve Holmes <steve.holmes88 at gmail.com> wrote:
> On Tue, Oct 25, 2011 at 03:00:50PM +0200, fredbezies wrote:
>> In /etc/pacman.conf, uncomment :
>>
>> SigLevel = Optional TrustAll
>
> Yeah, I saw that and understand that is appropriate for local
> packages. But now that I uncomment it, what if I want to tighten up
> the sig tests in the future. How does one correct the errors. In
> this current situation, it appears that this signature verification
> stuff doesn't work. What am I missing?
>
> At least at the moment, I can go ahead and upgrade these 126
> packages:).
If you want to tighten up, you should use TrustedOnly, instead of
TrusAll. That would only consider as valid a signature whose key is
present in pacman's keyring and also either signed explicitly by you
or trusted by a key from someone you already trusts. The latter is
what OpenPGP calls Web of Trust (you can read about it on the web,
it's a very interesting subject)
I didn't understand what you mean by "correct the errors" and
"signature verification stuff doesn't work". Would you mind to
elaborate on that?
--
A: Because it obfuscates the reading.
Q: Why is top posting so bad?
-------------------------------------------
Denis A. Altoe Falqueto
Linux user #524555
-------------------------------------------
More information about the arch-general
mailing list