[aur-general] Discussion about AUR packages signing

Dave Reisner d at falconindy.com
Thu Aug 7 22:06:52 EDT 2014


On Thu, Aug 07, 2014 at 09:57:24PM +0200, Fabien Dubosson wrote:
> Hi,
> 
> I want to start a discussion about AUR packages signing. If this debate
> already happened, it means that I'm not really good with Google or
> unfortunate in the keywords I used in my searches: in these cases
> forgive me and just give me some pointers.
> 
> TL;DR I personally "trust" some AUR users who have several good-quality
>       packages, and an optional way to sign AUR packages would permit me
>       to know that I can build and update their packages without
>       worrying too much.

I did read your proposal, but my comment can be framed in the context of
your tl;dr:

You don't really seem to want GPG signatures, just a whitelist of
package maintainers by name. Any AUR helper could implement support for
this today, with no changes to the AUR.

d
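
The maintainer whitelist suggested in this reply, sketched as an added example (not part of the original message and not code from any existing AUR helper). It assumes the `Name` and `Maintainer` fields of an AUR RPC info response; the sample response, the allowlist and the last-built record are constructed. The maintainer name is whatever the AUR reports, so the check also flags orphaned packages and maintainer changes since the last build.

```python
import json

# Constructed sample shaped like an AUR RPC "info" response (not real data).
SAMPLE_RPC_RESPONSE = json.dumps({
    "version": 5, "type": "multiinfo", "resultcount": 4,
    "results": [
        {"Name": "foo-git", "Version": "1.2-1", "Maintainer": "alice"},
        {"Name": "bar", "Version": "0.9-3", "Maintainer": "mallory"},
        {"Name": "baz", "Version": "2.0-1", "Maintainer": None},  # orphaned
        {"Name": "qux", "Version": "3.1-2", "Maintainer": "bob"},
    ],
})

# Hypothetical local state an AUR helper would keep (assumption).
TRUSTED_MAINTAINERS = {"alice", "bob"}
LAST_BUILT_MAINTAINER = {"foo-git": "alice", "bar": "bob", "qux": "alice"}


def classify(rpc_json, trusted, last_seen):
    """Return {package: (decision, reason)}; 'auto' means build without review."""
    decisions = {}
    for pkg in json.loads(rpc_json).get("results", []):
        name, maint = pkg["Name"], pkg.get("Maintainer")
        previous = last_seen.get(name)
        if maint is None:
            decisions[name] = ("review", "orphaned, no maintainer")
        elif maint not in trusted:  # exact, case-sensitive match on the name
            decisions[name] = ("review", f"maintainer {maint!r} not in allowlist")
        elif previous is not None and previous != maint:
            # Trusted name, but not the one whose PKGBUILD was built last time.
            decisions[name] = ("review", f"maintainer changed from {previous!r}")
        else:
            decisions[name] = ("auto", f"maintained by trusted {maint!r}")
    return decisions


if __name__ == "__main__":
    result = classify(SAMPLE_RPC_RESPONSE, TRUSTED_MAINTAINERS,
                      LAST_BUILT_MAINTAINER)
    for name, (decision, reason) in sorted(result.items()):
        print(f"{name:8} {decision:6} {reason}")
```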

