[pacman-dev] gnupg package signing
dpmcgee at gmail.com
Mon Aug 24 19:19:44 EDT 2009
On Mon, Aug 24, 2009 at 5:28 PM, Xavier<shiningxc at gmail.com> wrote:
> On Tue, Aug 25, 2009 at 12:19 AM, Allan McRae<allan at archlinux.org> wrote:
>> Xavier wrote:
>>> Just to let you know that I resurrected the gpg branch there :
>>> I took Dan's newgpg branch (with a few changes) :
>>> then merged the pending patches we had :
>>> and rebased it all on master.
>>> Actually I don't see what else needs to be done on the implementation
>>> side, it looks almost complete to me.
>>> Now the big remaining problem is everything related to key
>>> administration still needs to be figured out, and this is critical in
>>> term of security.
>>> But it might not need additional tool support.
>> So... how about we set up a small signed package repo somewhere and just
>> see how this all goes? We are not going to know all the issues until we
>> actually use it.
> That's probably a good idea.
> I wish some people who actually knew how to use gnupg a bit could help though :)
I did a whole lot of looking and working on this today while sitting
in the jury waiting room (and woo, I got picked to be on a jury, meh).
I've actually worked my way back through the original patches and am
about halfway through what Xavier has on his branch, and I've actually
added another 3 or 4 patches to the mix. I'll try to push the
"results" somewhere public tonight. I do feel the momentum on this
whole thing actually moving in the right direction, however, so that
Hopefully I will be able to continue the patch processing and tidying
and keep looking at this throughout the week.
More information about the pacman-dev