[pacman-dev] gnupg package signing

Allan McRae allan at archlinux.org
Mon Aug 24 18:19:37 EDT 2009

Xavier wrote:
> Just to let you know that I resurrected the gpg branch there :
> http://code.toofishes.net/cgit/xavier/pacman.git/log/?h=gpg
> I took Dan's newgpg branch (with a few changes) :
> http://code.toofishes.net/cgit/dan/pacman.git/commit/?h=newgpg
> then merged the pending patches we had :
> http://archlinux.org/pipermail/pacman-dev/2008-December/007808.html
> http://archlinux.org/pipermail/pacman-dev/2008-December/007836.html
> http://archlinux.org/pipermail/pacman-dev/2008-December/007837.html
> and rebased it all on master.
> Actually I don't see what else needs to be done on the implementation
> side, it looks almost complete to me.
> Now the big remaining problem is everything related to key
> administration still needs to be figured out, and this is critical in
> term of security.
> But it might not need additional tool support.

So...   how about we set up a small signed package repo somewhere and 
just see how this all goes?  We are not going to know all the issues 
until we actually use it.


More information about the pacman-dev mailing list