[pacman-dev] Finishing off the package signing issue -- call for contributors
Rémy Oudompheng
remyoudompheng at gmail.com
Sun May 22 03:22:27 EDT 2011
On 2011/5/21 Kerrick Staley <mail at kerrickstaley.com> wrote:
>> Note that how Arch will deal with signing in their repos is being
> finalised
>> elsewhere, but to reiterate, that has nothing to do with the pacman
>> implementation.
> Where?
>
>> This is why it needs to be kept completely separate from discussions about
>> implementing signature verification work in pacman.
> Eh? pacman-dev is the most relevant list I've found for discussion of this
> issue. The key-signing mechanism in pacman (in particular, its ease-of-use)
> has a direct impact on its adoption, and the two conversations should not be
> separated.
Hello Kerrick,
There is no such key-signing mechanism in pacman, and there no plan to
have such a thing. Keys are signed using the standard GPG utilities
and are completely up to the packagers and repository admins. Details
about the implementation chosen by Archlinux can be discussed on
arch-general at archlinux.org. You may also find discussions in archives
of arch-dev-public at archlinux.org.
Rémy.
More information about the pacman-dev
mailing list