[pacman-dev] Package signing again....

[Aaron Griffin]

On Wed, Jul 1, 2009 at 4:19 AM, unohu<unohu0 at gmail.com> wrote:
> IMHO it is a lack of direction rather than lack of man power. If there is a
> correct road map/consensus of what/how we want to implement, i am sure there
> are few persons here(including me) who would like to see this implemented
> and are ready to work on this.
>
> I understand that the current pacman devs are quite busy at the moment with
> next 3.3 release, but if they can come up with a higher level design of what
> needs to be implemented, we can start working on the boring part of coding
> and other details :) .
>
> This will also remove the uncertainty of whether the patches will get
> accepted or will need a complete rework after spending a lot of time on
> this.

I don't know if anyone really has a clear idea of how this should
work. So it's difficult to give a "high level" design here.

>From my point of view:
* Should be optional, possibly per repo (so we can use signed packages
from core and extra, and unsigned packages from mycustomrepo)
* Needs to get keys from some keychain somehow
* Should be rather transparent once turned on

That's all I really care about.