[pacman-dev] [ Package Signing ] Your signature please

Daniel Mendler mail at daniel-mendler.de
Sat Feb 19 00:18:34 EST 2011


The mail by IgnorantGuru is very much what I was going to write. There
is no problem in adding signatures to the Arch repositories immediately.

You always say that pacman is not the same as Arch. This might be true,
but which major distribution uses pacman? We should not argue about
those subtle differences.

I pulled the main pacman branch, merged Allan's gpg-patches and created
a signed repository - everything worked fine (except, for example,
overwriting the db with an unverified one before verifying - I can provide
patches for this in one week). You always say that you need patches, but
what exactly? You seem to have a working implementation but you don't
integrate these into master. Instead you work on minor performance
issues (Single file database for example) even though we have a very
serious security problem.

Regards
Daniel