[arch-general] Pacman Database Signatures

Eli Schwartz eschwartz at archlinux.org
Wed Feb 5 03:55:18 UTC 2020


On 2/2/20 4:59 PM, Christopher W. via arch-general wrote:
> Hi. The wiki states that database signatures for pacman are currently
> a work in progress. It's been that way for a long time, so I assume
> there is no "progress" happening. What is currently in the way of this
> much-needed security feature to be fully implemented?

As Levente said, this is supported by pacman, but not by Arch Linux --
and the reason for the latter is that it is complicated to come up with
a signing scheme which everyone is happy with. It needs to support
remote server signing by any of 74 different authorized individuals.

Hopefully there will be wonderful news soon. In the meantime, I for one
make sure that my personal repository hosted on https://pkgbuild.com
includes database signatures.

-- 
Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1601 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20200204/984d3cae/attachment.sig>


More information about the arch-general mailing list