[pacman-dev] GPG status - Was: Hooks in pacman
Allan McRae
allan at archlinux.org
Sun Jan 30 19:10:13 EST 2011
On 31/01/11 09:23, Daniel Mendler wrote:
> And another topic: I have seen that Allan is working on gpg-support. How
> far is this from deployment?
Not all that far, but far enough that I very much doubt it will make a
3.5 release. Also, there has been no work on this by me (or anyone...)
in the last few months.
This is the current branch which I rebase on master ever so often:
http://projects.archlinux.org/users/allan/pacman.git/log/?h=gpg
I ran that branch for a while with a signed repo and it worked. There
were obvious issues in terms of the output being awful and some
bugs/missing features but it mostly works.
This TODO is fairly up-to-date and complete:
https://wiki.archlinux.org/index.php/User:Allan/Package_Signing
I think that the pacman-key, makepkg, and repo-add TODOs could be
knocked off by someone sitting down for a few hours and making a decent
attack at them. Especially given some sort of patch is already
available for most of it.
The output and database update issues in pacman are probably the biggest
blockers here. That is an area I would be very, very happy to receive
patches for...
Allan
More information about the pacman-dev
mailing list