[arch-general] Invalid signatures
lisaev at umail.iu.edu
Tue Nov 6 15:25:01 EST 2012
On Tue, 06 Nov 2012 20:33:20 +0100
Thomas Bächler <thomas at archlinux.org> wrote:
> On 06.11.2012 20:11, Leonid Isaev wrote:
> > A bit OT, but anyway... Are there any plans for actually storing *.sig
> > files in the cache alongside the packages? This costs a tiny amount of
> > space, but IMHO will make verification (especially of old packages) much
> > easier.
> pacman does not download them, so it cannot store them.
> Signatures are contained in the db file.
Yes, but it's only for the current (latest synced) set of packages, and even
then I have to parse the desc files and filter the ascii sigs through base64,
all outside of pacman which I think does it anyway at the verification stage.
Hence my question. For example, I don't mind a performance hit due to
regeneration of all binary signatures on the fly. Just an opinion though...
GnuPG key: 0x164B5A6D
Fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
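
Added example, not part of the original message and not pacman's own code: a sketch of the manual step described above, reading the `desc` entries of a sync database, taking the base64 `%PGPSIG%` field and decoding it to the binary detached signature. The sample entry and its placeholder signature bytes are constructed, and the function names are hypothetical.

```python
import base64
import binascii
import os
import tarfile

def parse_desc(text):
    """Split one pacman sync-db 'desc' entry into {FIELD: [value lines]}."""
    fields, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:                      # a blank line ends the current field
            current = None
        elif current is None and len(line) > 2 and line[0] == line[-1] == "%":
            current = fields.setdefault(line[1:-1], [])
        elif current is not None:
            current.append(line)
    return fields

def detached_signature(desc_text):
    """Return (sig file name, binary signature), or None for an unsigned entry."""
    fields = parse_desc(desc_text)
    if not fields.get("FILENAME") or not fields.get("PGPSIG"):
        return None
    try:
        raw = base64.b64decode("".join(fields["PGPSIG"]), validate=True)
    except binascii.Error as exc:
        raise ValueError("PGPSIG field is not valid base64") from exc
    # basename(): the db content is untrusted, so never let it choose a directory
    return os.path.basename(fields["FILENAME"][0]) + ".sig", raw

def signatures_from_db(fileobj):
    """Map sig file name -> signature bytes for every signed entry in a sync db."""
    sigs = {}
    with tarfile.open(fileobj=fileobj, mode="r:*") as db:
        for member in db:
            if member.isfile() and member.name.endswith("/desc"):
                entry = detached_signature(db.extractfile(member).read().decode())
                if entry:
                    sigs[entry[0]] = entry[1]
    return sigs

# Constructed sample: placeholder bytes, not a real OpenPGP signature.
SAMPLE_SIG = b"\x89\x01constructed-placeholder-signature"
SAMPLE_DESC = (
    "%FILENAME%\nexample-1.0-1-any.pkg.tar.xz\n\n"
    "%NAME%\nexample\n\n"
    "%PGPSIG%\n" + base64.b64encode(SAMPLE_SIG).decode() + "\n\n"
)

if __name__ == "__main__":
    name, raw = detached_signature(SAMPLE_DESC)
    print(name, len(raw), "bytes")
```

Writing each decoded value under its returned name next to the cached package gives a detached signature file that `pacman-key --verify` or `gpg --verify` can check.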