[pacman-dev] gnupg package signing
shiningxc at gmail.com
Mon Aug 24 18:28:47 EDT 2009
On Tue, Aug 25, 2009 at 12:19 AM, Allan McRae<allan at archlinux.org> wrote:
> Xavier wrote:
>> Just to let you know that I resurrected the gpg branch there :
>> I took Dan's newgpg branch (with a few changes) :
>> then merged the pending patches we had :
>> and rebased it all on master.
>> Actually I don't see what else needs to be done on the implementation
>> side, it looks almost complete to me.
>> Now the big remaining problem is everything related to key
>> administration still needs to be figured out, and this is critical in
>> term of security.
>> But it might not need additional tool support.
> So... how about we set up a small signed package repo somewhere and just
> see how this all goes? We are not going to know all the issues until we
> actually use it.
That's probably a good idea.
I wish some people who actually knew how to use gnupg a bit could help though :)
More information about the pacman-dev