[pacman-dev] Finishing off the package signing issue -- call for contributors
Allan McRae
allan at archlinux.org
Sat May 21 02:29:10 EDT 2011
On 21/05/11 16:14, Allan McRae wrote:
> All this is off-topic for this list as pacman will not care how packages
> and repos are signed. It will just verify whether the package/repo can
> be validated using the keychain it is provided.
Just to clarify, I do see how the keychain is managed by a distribution
as an important issue to be discussed. However, it is also the most
political issue in this package signing business and discussing it on
this list just ends up derailing discussion on actual pacman
development. This is why it needs to be kept completely separate from
discussions about implementing signature verification work in pacman.
Allan
More information about the pacman-dev
mailing list