[pacman-dev] [PATCH] Disable embedded signatures by default
eschwartz at archlinux.org
Mon Aug 10 21:44:45 UTC 2020
On 8/10/20 5:34 PM, Anatol Pomozov wrote:
> Switching from embedded to detached signatures is a big change. This
> feature needs to be thoroughly tested before embedded signatures will be
> completely removed from the database.
> To help with detached signatures testing we enable it by default. But in
> case if an user needs to go back to embedded signatures we add a config
> option to reenable it - "UseEmbeddedSignatures".
What is the purpose of this? Either signature source should be
equivalent, and you should be able to trivially test this by creating a
repo with unsigned packages, then bulk-signing the packages after they
were repo-added. I don't believe that pacman should include such an
end-user option purely to double-check whether a current feature
Bug Wrangler and Trusted User
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1601 bytes
Desc: OpenPGP digital signature
More information about the pacman-dev