[pacman-dev] [ Package Signing ] Your signature please

Daniel Mendler mail at daniel-mendler.de
Sat Feb 19 17:42:18 EST 2011

On 02/19/2011 08:38 PM, Alf Gaida wrote:
> Maybe i have should use a <ironic> tag. Nothing is secure in the end, if 
> anyone will do harm, he'll find a security hole. Like this:  
> http://www.webhostingtalk.com/showthread.php?t=717240

Exactly, because we cannot reach perfect security, we should not care
about it at all!

> I agree fully with Allan. For me it makes not a big difference if a package is 
> signed or not. It's a nice to have feature and i would be glad if someone 
> would implement it. But for me it has a very low priority.. 

It makes a big difference if your system is compromised. And then you
will care about it. I don't understand this naive and short-sighted opinion.

@Allan: I am a bit disappointed with your opinion that you want to
implement only features that you care about. I think there is also a
reponsibility if you are one of the main developers of the package
manager of a popular distribution. And you don't even have to implement
the features yourself - there are people who are willing to help. But
those people should also get some support by you.


More information about the pacman-dev mailing list