[pacman-dev] [PATCH] repo-add: add --include-sigs option

Erich Eckner arch at eckner.net
Mon Sep 21 07:19:39 UTC 2020


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Mon, 21 Sep 2020, Allan McRae wrote:

> On 21/9/20 3:51 pm, Andrew Gregory wrote:
>>
>> I would suggest just allowing the user to specify either way
>> (--include-sigs/--no-include-sigs, --include-sigs={yes,no}, etc).
>> Then uses can specify whatever they want without having to worry about
>> what we set as a default.
>>
>
> The problem is more the transition.  I would like the default to be not
> to include the signatures in the repo database.  So does pacman need to
> manage the transition from having signatures in a database to not, or do
> the users need to manage that?
>
> With my patch (or any variant the does not include signatures by
> default), users upgrading to repo-add v6.0 would need to adjust their
> repo management utilities to add a signature include option immediately,
> as their users may still be using pacman-5.x.

How about adding the options --include-sigs and --no-include-sigs now 
without changing the default behaviour? Then, everyone could adopt their 
scripts to include that option. Afterwards, pacman v6.0 can change the 
default to not include signatures without breaking setups.

I believe, this is, what Andrew meant, anyways.

>
> Thinking of Arch here, a dbscripts update would need launched on the
> server at the same time as updating repo-add.  I am OK with that - some
> updates need done in concert.  But Eli was not.
>
> Allan
>

regards,
Erich

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl9oVAwACgkQCu7JB1Xa
e1pLAw/+O8DrpZIKDuiUAtu+jTeovJnheLvNWEErYtJDtddXnYZhqotvdCZA5Ycl
gdVBLejDwVfWraMQYBljfY85aUstJyIwEnQz6nmpKM1ywwIpJEdBZPdzW7BPQpiJ
aPg9+GWJNKKj/IrfTCc0hNVrJuYQ2lPCchZfsAZLv3VSPj18BQNr1m7j4uzSjrPe
hGzeRJBflUXV8QgrMBxF9UN4W25hQojnZ1SA88Dz8xoLzm7ffG5Fa6DlXgVXf8zb
pqu9li949uL3W8teeZKn6b1Va8g3CxT30aZ96qI1Mzsmx8SuK1BGrbDek5OiD0r8
gqDhvCvV4McvcrTPK4cWZgWcnbEtBbU+mgk/mKNg9xleUqGo0dxVna6IIJ3W5jwL
Mk7f72CAFxOMSJ4UwVIAgMXUlOQOFIZ7mtEtzWeYNPB5TA9qY+VS6aXKNdz0hzwP
rCWwvYm2nJ18N2LqyUgfZ5jVnzOUg716c7H92k+45KdD/cQC6JS83zXuzQrauOan
jVZTDzqSPDLfFzT71W8nsXnLlRCX12vfBP0fCOIHjB0WJz7g7B5hnFh7nmIIYwcC
Dus7V8zvhGtSfFNTq973kE0Mfd/IFjSisNwtR+4G34EefkmjbEaoPH7ytCjA6lxl
urGuaHejq9vdzmuwDj6An+9Io4vJVaAEI3R9IBk3dEu2naJPeGI=
=iaM7
-----END PGP SIGNATURE-----


More information about the pacman-dev mailing list