[pacman-dev] (Locally) signing a key with pacman-key?
Denis A. Altoé Falqueto
denisfalqueto at gmail.com
Wed Nov 24 17:31:11 CET 2010
On Wed, Nov 24, 2010 at 1:58 PM, Allan McRae <allan at archlinux.org> wrote:
> The reply I got from the gpg list indicates that we are right here and at
> least one ultimately trusted key is needed. So that at least clears up one
> confusion...
Good!
> However, if you are using an external repo maintained by one person, you
> probably do not want to give that person's key any rights to sign other keys.
> So I would not want to give that key ultimate trust. However, locally
> signing the key would allow me to accept the packages from that repo as
> validly signed.
Agreed. A special key pair just for the purpose of trusting is very
appropriate, especially with third party repositories. I'll update the
wiki page with that advice.
>>> If people think the second method is reasonable, it would be good to add
>>> an
>>> option to pacman-key to allow signing (locally only) of keys.
>>
>> In fact, it already has. It is the --trust option.
>
> Ah... of course (and the --adv option is always there...). Maybe we
> should rename the --trust option to --edit-key to keep in line with what GPG
> is really doing there and to make it clear you can set more than just trust.
> Also, it always seemed weird to me that I was setting --trust and then had
> to type "trust" again at the prompt to do it.
Yeah, I can change that. I really suck at naming things :)
--
A: Because it obfuscates the reading.
Q: Why is top posting so bad?
-------------------------------------------
Denis A. Altoe Falqueto
Linux user #524555
-------------------------------------------