[pacman-dev] Checking package validity
Allan McRae
allan at archlinux.org
Sat Jul 30 21:15:21 EDT 2011
I was thinking of how we currently check package validity and had
planned to do something like:
1) signature check
2) md5sum check _only_ if no signature to check
with the intention of adding an sha256sum check in the middle in the
future (perhaps only if pacman is built using openssl to save us having
to provide the routines...).
But as far as I can tell, _alpm_check_pgp_helper does not allow you to
distinguish between a successful signature check and the case where no
signature is available and signature checking is not required. Is that
correct or am I missing something?
Allan
More information about the pacman-dev
mailing list