[pacman-dev] [PATCH 0/4] Add signature check for local packages

Dan McGee dpmcgee at gmail.com
Fri Apr 22 17:10:30 EDT 2011


On Thu, Apr 21, 2011 at 1:35 AM, Rémy Oudompheng
<remyoudompheng at gmail.com> wrote:
> Packages added from local files are not checked currently.
> These patches also introduce changes in the handling
> of PM_PGP_VERIFY_UNKNOWN that are not really convincing.
> We could skip these changes and just apply the other patches,
> however we should probably give some thought to that.
>
> Making the check level into an argument of the check function
> could also be an option.

So I'm going to soon send a set of patches that address and clash with
a lot of what this patch set is doing. Rémy, I don't want to
discourage you by any means with not applying these, as I drew ideas
and inspiration from your patches, but I saw a fundamental problem
with doing this at all in sync.c - it frankly just doesn't belong
there. Instead, the main push of my patches is to push this down into
the load function itself, which allows both frontend and backend
package loads to have the benefit of signature checks.

I did already grab your UNKNOWN patches, so thanks for those.

-Dan

