[pacman-dev] [PATCH] (newgpg) Let pacman specify GnuPG's home directory.
Aaron Griffin
aaronmgriffin at gmail.com
Thu Dec 18 11:22:25 EST 2008
On Thu, Dec 18, 2008 at 7:02 AM, Gerhard Brauer <gerbra at archlinux.de> wrote:
> Am Wed, 17 Dec 2008 18:22:36 +0530
> schrieb Jatheendra <jatheendra at gmail.com>:
>
>> A patch for adding VerifySignature options in pacman.conf
>
> >From your other mail:
> ------------
> These patches will add VerifySig option to pacman.conf. VerifySig
> takes options Always, Optional or Never
>
> [repo-name]
> Server = ServerName
> VerifySig = Always
> Include = IncludePath
> ------------
>
> I've not tested your patch (today evening maybe), but i am not very
> happy with this triple state. If i choose to use a repo which offers
> signed packages then i want the "full program", so if something wrong
> with one package i don't want it get installed/upgraded.
> And if i have a repo without signing then i don't put the option in the
> repo section of pacman.conf.
I think "Optional" makes sense in some cases. Let's take the community
repo, where things tend to be a hodge-podge of ideas and attitudes. I
can imagine half the packages being signed, some being unsigned, and
some being signed by keys not in the keyring.
That is an edge case though...
More information about the pacman-dev
mailing list