[pacman-dev] [ Package Signing ] Your signature please

Daniel Mendler mail at daniel-mendler.de
Sun Feb 20 06:47:24 EST 2011

Hi Allan

> As far as I am concerned, the major points on the TODO list that need
> patches are the first five for pacman:
> TODO: fix (and refactor) reading signatures for packages installed with -U
> TODO: have a way to force a signature check with -U (i.e. abort if no
> signature is found)
> TODO: only replace old database when signature is valid
> TODO: output when downloading signature file - name when downloaded
> TODO: output when downloading signature file - "error" when not available

I have a patch for the third point. Can you please clarify the last two
points? Do you think the output is too verbose (two download progress
bars with the same name etc, and two error messages in case of error)?

> The other issues are all fairly minor (and the pacman-key/makepkg ones
> mostly have patches that just need revised already).

I took a look on the other patches. I agree that these need only
reviewing and merging.

> So if patches are submitted for those five points, and any criticism
> followed up, I will commit to then spending the time doing the needed
> tidying/rebasing of the code on my gpg branch to have it suitable for
> merging.

Sounds good.


More information about the pacman-dev mailing list