[pacman-dev] [PATCH 0/4] Make gpgme optional
remyoudompheng at gmail.com
Mon Apr 11 15:17:48 EDT 2011
On 2011/4/11 Dan McGee <dpmcgee at gmail.com> wrote:
> On Sun, Apr 10, 2011 at 6:37 AM, Rémy Oudompheng
> <remyoudompheng at gmail.com> wrote:
>> These patches (partially already submitted before) make linking with
>> gpgme optional, and also implement a configuration option for
>> pacman to use an external tool for signature checking.
>> The given example is "gpg --verify - $filename", but "/bin/true"
>> could be used to totally bypass checking.
> You totally misread my TODO item, sorry, and I never intended someone
> else to do this one but put it on the list in trying to be open about
> things. :/
> I meant nothing about letting an external tool validate signatures; as
> a matter of fact I am highly against this. I only wanted gpgme and
> signature checking to be an option that could be omitted when
> compiling, for instance if someone decided to use this to manage
> custom packages elsewhere with no intent of sharing publicly, or
> another OS where gpg is not so readily available.
Gah I read "like we do with our download code" which looked exactly
like I thought. However, I may understand that you don't want to merge
this, even if I found the idea interesting.
More information about the pacman-dev