[pacman-dev] [PATCH 0/4] Make gpgme optional
dpmcgee at gmail.com
Mon Apr 11 15:01:18 EDT 2011
On Sun, Apr 10, 2011 at 6:37 AM, Rémy Oudompheng
<remyoudompheng at gmail.com> wrote:
> These patches (partially already submitted before) make linking with
> gpgme optional, and also implement a configuration option for
> pacman to use an external tool for signature checking.
> The given example is "gpg --verify - $filename", but "/bin/true"
> could be used to totally bypass checking.
You totally misread my TODO item, sorry, and I never intended someone
else to do this one but put it on the list in trying to be open about
I meant nothing about letting an external tool validate signatures; as
a matter of fact I am highly against this. I only wanted gpgme and
signature checking to be an option that could be omitted when
compiling, for instance if someone decided to use this to manage
custom packages elsewhere with no intent of sharing publicly, or
another OS where gpg is not so readily available.
So I will take a look at the first half, but the second half will not
be going anywhere.
More information about the pacman-dev