[pacman-dev] Finishing off the package signing issue -- Update
Kerrick Staley
mail at kerrickstaley.com
Sun Jun 12 04:18:43 EDT 2011
I inadvertently broke my email account when I configured
git-send-mail, and I only just realized it. Everything I've sent to
the list since then didn't go through, so I'm resending this message,
originally sent June 6.
On Wed, Jun 1, 2011 at 3:59 PM, Dan McGee <dpmcgee at gmail.com> wrote:
> * Lazy DB loading makes things much more difficult. I'm not willing to
> sacrifice this for signing, so striking a balance between when we
> check sigs and ensuring frontends (and our backend code!) are well
> aware the database won't be loaded due to a failed signature check is
> really important. This is probably the single biggest blocker, and
> perhaps why those not involved until now seem to think this is going
> at a snail's pace. If you'd like to see how big of a task this is, I
> will send my three different approaches in various stages of
> completion to the mailing list, none of which I am super happy with.
Can you please send this code, and elaborate a little more on the problem?
> * Architecting checks to be done in parallel in the future; we had a
> demo patchset posted for this when only doing md5 checks but I want to
> make sure we can do this again later for all types of package
> verification.
I think once we have a solution for the trustdb locking issue,
parallel signature checking won't be hard.
Thanks,
Kerrick Staley
More information about the pacman-dev
mailing list