[arch-general] gpg source validation for kernel.org style signatures
Doug Newgard
scimmia at archlinux.info
Sun Jan 4 22:03:43 UTC 2015
On Sun, 4 Jan 2015 22:05:21 +0100
Christian Hesse <list at eworm.de> wrote:
> Hello everybody,
>
> pacman 4.2.0 gained support for verifying source tarballs with
> kernel.org style signature. Some (even essential) packages could
> benefit from that, linux and git come to mind.
>
> How to handle this? Report a bug for every package? Provide a list
> here?
A lot of it is already happening:
https://www.archlinux.org/todo/validpgpkeys-integrity-check/
If you want it added to a package that isn't on that list, the bug
tracker is probably the best bet. Note that the linux package already
has it.
Doug
More information about the arch-general
mailing list