[arch-general] Package signing: database signatures?
Christian Hesse
list at eworm.de
Mon Mar 5 04:52:33 EST 2012
Florian Pritz <bluewind at xinu.at> on Mon, 05 Mar 2012 10:42:15 +0100:
> On 05.03.2012 10:39, Christian Hesse wrote:
> > Hello everybody,
> >
> > afaik, database files in official repositories are not signed yet. Are
> > they?
> >
> > This forces one to set SigLevel to 'Optional' instead of 'Required'. Now
> > if anybody wants to provide an infected package he/she only needs to
> > provide no signature at all and the package is happily accepted, no?
> >
> > So when will database files from official packages be signed?
> >
> > And even more interesting: Does it make sense to add a new option
> > 'PkgRequired'? This could force valid signatures for packages and make it
> > optional for database files.
>
> You should read pacman.conf(5) "PACKAGE AND DATABASE SIGNATURE CHECKING"
> and use "Optional PackageRequired"
I misread the lines about combining of the options and prefixes.
My fault, I am perfectly happy now. ;)
Sorry for the noise!
--
Best regards,
Chris
O< ascii ribbon campaign
stop html mail - www.asciiribbon.org
More information about the arch-general
mailing list