[pacman-dev] Finishing off the package signing issue -- Update

Rémy Oudompheng remyoudompheng at gmail.com
Wed Jun 1 02:06:56 EDT 2011


On 2011/6/1 Kerrick Staley <mail at kerrickstaley.com> wrote:
>> tl;dr. You seem to have issues separating what happens here on
>> pacman-dev from what happens in Arch Linux. Although the majority of
>> pacman's userbase _is_ indeed Arch Linux, we maintain portability to
>> OSX, cygwin, and the BSDs. Anything to do with Arch Linux packages
>> _specifically_ has no effect on our ability to roll out a new release of
>> pacman.
>
> Security is a system, not a line of code, and other distributions will
> need to implement a secure system if they want to use pacman as their
> package manager. Hence, broader discussion about the implementation of
> signing should take place on this list; anything specific to Arch can
> be generalized to other distributions. You're correct in that we don't
> have to wait on the infrastructure to ship an updated pacman, but I'm
> personally only interested in achieving a working implementation of
> package signing on Arch Linux, and so I will frame my discussion
> appropriately. Perhaps I could have clarified that "Blocking" and
> "Non-Blocking" are relative to this goal.

Hello Kerrick,

As you say, pacman is not a system, just lines of code, it provides
tools to use gpg as a security system, and any system discussions go
to arch-general at archlinux.org. Few Archlinux developers, as far as I
know, read the pacman-dev mailing-list.

Rémy.


More information about the pacman-dev mailing list