[pacman-dev] [arch-general] Package signing

Allan McRae allan at archlinux.org
Thu May 6 01:04:36 CEST 2010


On 06/05/10 03:38, Linas wrote:
> Allan McRae wrote:
>> The first method is what is currently used on the gpg patches that are
>> available.  The signature is made in a separate file and then is
>> inserted in the repo db when the package is added.
>
> I would prefer having the signature along the package. Maybe as a tar
> extended header.
> This way you can't lose the detached signature (it also means that you
> need to download twice as many files).

But you do not need to...  you download the repo db (which contains the 
signature) and the package.  Same as always.

