[aur-general] TU without [community] maintaining?

Laszlo Papp djszapi at archlinux.us
Wed Feb 3 13:55:10 EST 2010

On Wed, Feb 3, 2010 at 7:42 PM, Florian Friesdorf <flo at chaoflow.net> wrote:
> On Wed, Feb 03, 2010 at 09:32:12PM +0300, Lex Rivera wrote:
>> On 03/02/10 19:10, Florian Friesdorf wrote:
>> >
>> > What about a peer trust network? Publishing packages on the AUR would
>> > involve giving a PGP public key. People sign their PKGBUILDs using
>> > their private key. People can define trust relationships towards other
>> > people ("I trust this person to write good PKGBUILDs" and "I trust this
>> > person's trust in others"). Being a TU would mean to be signed by the
>> > TU-Authority (or whatever) and trusting the TU authority's trust would
>> > mean you can install packages that are created by TUs.
>> Peer trust network? Isn't that too hard for an ordinary user? Download
>> key, import it, set trust level... If there will be some list of
>> "Checked Users" this will be easier and friendlier. But a peer trust net
>> is a nice idea anyway.
> yaourt could ship with the TU-Auth's public key and its default
> configuration could be to trust packages by people that are signed by
> the TU-Auth.
> key management should further be integrated into yaourt (or the like)

Yaourt is not supported officially, and it's a buggy and abandoned
program at this moment, and it has got a very bad design concept to
parse URLs directly, so many people wouldn't like to use it ...

