[pacman-dev] gnupg package signing

Xavier shiningxc at gmail.com
Mon Aug 24 18:28:47 EDT 2009


On Tue, Aug 25, 2009 at 12:19 AM, Allan McRae <allan at archlinux.org> wrote:
> Xavier wrote:
>>
>> Just to let you know that I resurrected the gpg branch there:
>> http://code.toofishes.net/cgit/xavier/pacman.git/log/?h=gpg
>>
>> I took Dan's newgpg branch (with a few changes):
>> http://code.toofishes.net/cgit/dan/pacman.git/commit/?h=newgpg
>> then merged the pending patches we had:
>> http://archlinux.org/pipermail/pacman-dev/2008-December/007808.html
>> http://archlinux.org/pipermail/pacman-dev/2008-December/007836.html
>> http://archlinux.org/pipermail/pacman-dev/2008-December/007837.html
>> and rebased it all on master.
>>
>> Actually I don't see what else needs to be done on the implementation
>> side, it looks almost complete to me.
>>
>> Now the big remaining problem is everything related to key
>> administration still needs to be figured out, and this is critical in
>> terms of security.
>> But it might not need additional tool support.
>>
>
> So... how about we set up a small signed package repo somewhere and just
> see how this all goes?  We are not going to know all the issues until we
> actually use it.
>

That's probably a good idea.
I wish some people who actually knew how to use gnupg a bit could help though :)

