[pacman-dev] [PATCH 1/3] Changed all references to signature verification level in libalpm symbols to 'verifysig'. Removed references to PGP in libalpm symbols. Signed-off-by: Kerrick Staley <mail at kerrickstaley.com>

Dan McGee dpmcgee at gmail.com
Wed Jun 1 16:46:09 EDT 2011


^^^ You deleted the blank line between the patch subject and the
summary text, which makes it do what it did. You'll want to put that
back.

On Wed, Jun 1, 2011 at 3:03 PM, Kerrick Staley <mail at kerrickstaley.com> wrote:

So I don't find VerifySig any more appetizing, other than matching the
option name we came up with. I was leaning in my head when I wrote up
this TODO toward something like GPGLevel, SigLevel, etc. I also think
we may need to be a bit more granular than our current
Always/Optional/Never trifecta. We have a multitude of possibilities
when checking a signature:

* Valid signature, fully trusted (or ultimate,
GPGME_VALIDITY_{ULTIMATE, FULL}).

* Valid signature, unknown trust/unknown key (GPGME_VALIDITY_UNKNOWN,
GPGME_SIGSUM_KEY_MISSING).
* Valid signature, trust somewhere in between (marginal,
GPGME_VALIDITY_MARGINAL).

* Valid signature, user is never valid (GPGME_VALIDITY_NEVER)
* Valid signature, signature is however expired (GPGME_SIGSUM_SIG_EXPIRED)
* Valid signature, key is however expired (GPGME_SIGSUM_KEY_EXPIRED)
* Bad signature, trust level is irrelevant (GPGME_VALIDITY_RED)

Thoughts from anyone else on the naming, as well as what to do as far
as expanded options? I've divided it above into roughly 3 categories,
of which the top would always be acceptable, the bottom would never,
and the middle could be a switchable option. I'm envisioning something
like:

SigLevel = Always AllowUnknown

[core]
SigLevel = Always

[otherrepo]
SigLevel = Optional AllowUnknown

-Dan
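
The three-way grouping and the SigLevel syntax proposed above, worked through as an added example; it is not part of the original message and not pacman or libalpm code. The enum and function names are hypothetical (they are not GPGME constants), and the example assumes that Optional accepts an unsigned package, that Never disables checking, and that AllowUnknown switches on the whole middle group.

```c
#include <stdio.h>
#include <string.h>

/* Outcomes from the list above. Hypothetical names, not GPGME constants. */
enum sig_result { SIG_MISSING, SIG_TRUSTED, SIG_UNKNOWN, SIG_MARGINAL,
                  SIG_NEVER, SIG_EXPIRED, SIG_BAD };
enum base_level { LEVEL_NEVER, LEVEL_OPTIONAL, LEVEL_ALWAYS };
struct siglevel { enum base_level base; int allow_unknown; int valid; };

/* Parse a value such as "Optional AllowUnknown". An unrecognised token marks
 * the result invalid so a typo cannot silently weaken checking. */
struct siglevel parse_siglevel(const char *value)
{
    struct siglevel lv = { LEVEL_ALWAYS, 0, 1 };   /* strictest default */
    char buf[128], *tok;
    if (strlen(value) >= sizeof(buf)) { lv.valid = 0; return lv; }
    strcpy(buf, value);
    for (tok = strtok(buf, " \t"); tok; tok = strtok(NULL, " \t")) {
        if (strcmp(tok, "Always") == 0) lv.base = LEVEL_ALWAYS;
        else if (strcmp(tok, "Optional") == 0) lv.base = LEVEL_OPTIONAL;
        else if (strcmp(tok, "Never") == 0) lv.base = LEVEL_NEVER;
        else if (strcmp(tok, "AllowUnknown") == 0) lv.allow_unknown = 1;
        else lv.valid = 0;
    }
    return lv;
}

/* Return 1 to accept the package, 0 to reject it. */
int sig_acceptable(struct siglevel lv, enum sig_result r)
{
    if (!lv.valid) return 0;                 /* fail closed on bad config */
    if (lv.base == LEVEL_NEVER) return 1;    /* verification switched off */
    switch (r) {
    case SIG_MISSING:  return lv.base == LEVEL_OPTIONAL;
    case SIG_TRUSTED:  return 1;             /* top group: always fine */
    case SIG_UNKNOWN:
    case SIG_MARGINAL: return lv.allow_unknown;  /* middle group: switchable */
    default:           return 0;             /* never-trusted, expired, bad */
    }
}

int main(void)
{
    /* Constructed input: the [otherrepo] value from the message. */
    struct siglevel lv = parse_siglevel("Optional AllowUnknown");
    printf("unknown key: %d, unsigned: %d, bad: %d\n",
           sig_acceptable(lv, SIG_UNKNOWN), sig_acceptable(lv, SIG_MISSING),
           sig_acceptable(lv, SIG_BAD));
    return 0;
}
```
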

