[arch-general] Invalid signatures

Leonid Isaev lisaev at umail.iu.edu
Tue Nov 6 15:25:01 EST 2012

On Tue, 06 Nov 2012 20:33:20 +0100
Thomas Bächler <thomas at archlinux.org> wrote:

> Am 06.11.2012 20:11, schrieb Leonid Isaev:
> > A bit OT, but anyway... Are there any plans for actually storing *.sig
> > files in the cache alongside the packages? This costs a tiny amount of
> > space, but IMHO will make verification (especially of old packages) much
> > easier.
> pacman does not download them, so it cannot store them.
> Signatures are contained in the db file.

Yes, but it's only for the current (latest synced) set of packages, and even
then I have to parse the desc files and filter the ascii sigs through base64,
all outside of pacman which I think does it anyway at the verification stage.

Hence my question. For example, I don't mind a performance hit due to
regeneration of all binary signatures on the fly. Just an opinion though...

Leonid Isaev
GnuPG key: 0x164B5A6D
Fingerprint: C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20121106/bb4a62ee/attachment.asc>

More information about the arch-general mailing list