[pacman-dev] [PATCH] repo-add: add --include-sigs option
Eli Schwartz
eschwartz at archlinux.org
Fri Sep 4 02:40:54 UTC 2020
On 9/2/20 11:02 PM, Allan McRae wrote:
> Pacman now downloads the signature files for all packages when present in a
> repository. That makes distributing signatures within repository databases
> redundant and costly.
>
> Do not distribute the package signature files within the repo databases by
> default and add an --include-sigs to revert to the old behaviour.

As I've mentioned on the list before, I would like an --ignore-sigs
option and continue to distribute sigs by default for pacman 6.0.

In pacman 6.1 we'll switch by default to ignoring them, and let people
use --include-sigs to revert to the old behavior.

Ignoring sigs right out of the gate means the default behavior of
repo-add is to be unusable for people upgrading from pacman N-1. For
example, Arch Linux would most certainly need to use the option to
provide backwards compat while upgrading. So do third-party repositories.

Also: this option cannot be added to scripts ahead of time, since
repo-add will error on an unknown option, and it cannot be added after
the fact, since some packages will be broken in the meantime.

I don't see what the rush is here to add behavior that no one will want
to use.

- It makes sense to make this configurable now that it's useful to be
  able to ignore them.
- At the same time, defaults should be based on what is more likely for
  people to want.

--
Eli Schwartz
Bug Wrangler and Trusted User