[arch-general] Pacman Database Signatures

Christopher W. vneon95 at protonmail.com
Wed Mar 25 20:24:31 UTC 2020


On Wednesday, February 5, 2020 3:55 AM, Eli Schwartz via arch-general <arch-general at archlinux.org> wrote:
> On 2/2/20 4:59 PM, Christopher W. via arch-general wrote:
>
> > Hi. The wiki states that database signatures for pacman are currently
> > a work in progress. It's been that way for a long time, so I assume
> > there is no "progress" happening. What is currently in the way of this
> > much-needed security feature to be fully implemented?
>
> As Levente said, this is supported by pacman, but not by Arch Linux --
> and the reason for the latter is that it is complicated to come up with
> a signing scheme which everyone is happy with. It needs to support
> remote server signing by any of 74 different authorized individuals.
>
> Hopefully there will be wonderful news soon. In the meantime, I for one
> make sure that my personal repository hosted on https://pkgbuild.com
> includes database signatures.

Has there been any update or progress in this area?


More information about the arch-general mailing list