[pacman-dev] [PATCH] Disable embedded signatures by default

Eli Schwartz eschwartz at archlinux.org
Mon Aug 10 21:44:45 UTC 2020


On 8/10/20 5:34 PM, Anatol Pomozov wrote:
> Switching from embedded to detached signatures is a big change. This
> feature needs to be thoroughly tested before embedded signatures will be
> completely removed from the database.
> 
> To help with detached signatures testing we enable it by default. But in
> case if an user needs to go back to embedded signatures we add a config
> option to reenable it - "UseEmbeddedSignatures".
What is the purpose of this? Either signature source should be
equivalent, and you should be able to trivially test this by creating a
repo with unsigned packages, then bulk-signing the packages after they
were repo-added. I don't believe that pacman should include such an
end-user option purely to double-check whether a current feature
actually works.

-- 
Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1601 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/pacman-dev/attachments/20200810/f46e3230/attachment.sig>


More information about the pacman-dev mailing list