[pacman-dev] [PATCH] Add per-repo PinnedPubKey option
Allan McRae
allan at archlinux.org
Tue Nov 1 23:28:07 UTC 2016
On 01/11/16 06:36, Travis Burtrum wrote:
> From abb057844eec0e5707c31b643d0f2187b4cf0eb6 Mon Sep 17 00:00:00 2001
> From: Travis Burtrum <travis.archlinux at burtrum.org>
> Date: Mon, 31 Oct 2016 02:12:31 -0400
> Subject: [PATCH] Add per-repo PinnedPubKey option
>
> This sets curl's CURLOPT_PINNEDPUBLICKEY option in the built-in
> downloader, or replaces %p in XferCommand. This pins public
> keys to ensure your TLS connection is not man-in-the-middled
> without relying on CAs etc. Probably most useful currently
> for very small groups or single servers.
>
> It would obviously be best as a per-mirror option, but such
> a thing currently does not exist.
I agree that this is a per-mirror option. It is too out of place as a
per repository setting (except maybe when there is only a single server
providing a repo). So I will not accept this patch.
Allan