[arch-general] Package signing: database signatures?
Allan McRae
allan at archlinux.org
Sat Mar 10 18:27:20 EST 2012
On 11/03/12 02:12, Kevin Chadwick wrote:
> On Mon, 05 Mar 2012 10:42:15 +0100
> Florian Pritz wrote:
>
>> You should read pacman.conf(5) "PACKAGE AND DATABASE SIGNATURE CHECKING"
>> and use "Optional PackageRequired"
>
> Quick question and I'm guessing the answer will be just to wait and
> that's fine.
>
> There are just a few packages preventing me from using Required in
> pacman.conf.
>
> Like scribes and xcb-proto (the testing version is signed so I guess
> that will migrate).
>
> Just wondering if there is any pacman.conf magic that will tie a
> signature checking setting to a particaulr package name?
>
>
>
> p.s.
>
> I don't know what people use apart from just updating regularly but I've
> just written a script to look up packages installed with exploits
> (cves) and also curently in the three main repos for arch. I haven't the
> time at the mo to make it less crude and generic/ready/fancy for the
> general public, but if anyone's interested let me know.
>
>
> This is what I found recently.
>
> bugzilla-4.2
> flyspray-0.9.9.6
> phpldapadmin-1.2.2
> wordpress-3.3.1
> emacs-23.4
> flashplugin-11.1.102.62
> glib-1.2.10
> mysql-5.5.21
> ocaml-3.12.1
> tomcat-5.5.34
> vlc-2.0.0
Report issues to the bugtracker. Most packagers do not read this list.
But make sure they are not already patched.
Allan
More information about the arch-general
mailing list