[pacman-dev] [PATCH] Add per-repo PinnedPubKey option

Allan McRae allan at archlinux.org
Tue Nov 1 23:28:07 UTC 2016

On 01/11/16 06:36, Travis Burtrum wrote:
>>From abb057844eec0e5707c31b643d0f2187b4cf0eb6 Mon Sep 17 00:00:00 2001
> From: Travis Burtrum <travis.archlinux at burtrum.org>
> Date: Mon, 31 Oct 2016 02:12:31 -0400
> Subject: [PATCH] Add per-repo PinnedPubKey option
> This sets curl's CURLOPT_PINNEDPUBLICKEY option in the built-in
> downloader, or replaces %p in XferCommand.  This pins public
> keys to ensure your TLS connection is not man-in-the-middled
> without relying on CAs etc.  Probably most useful currently
> for very small groups or single servers.
> It would obviously be best as a per-mirror option, but such
> a thing currently does not exist.

I agree that this is a per mirror option.  It is too out of place as a
per repository setting (except maybe when there is only a single sever
providing a repo).  So I will not accept this patch.


More information about the pacman-dev mailing list