[pacman-dev] [PATCH] repo-add: add --include-sigs option

Anatol Pomozov anatol.pomozov at gmail.com
Mon Sep 28 20:53:32 UTC 2020


Hi

On Thu, Sep 3, 2020 at 7:41 PM Eli Schwartz <eschwartz at archlinux.org> wrote:
>
> On 9/2/20 11:02 PM, Allan McRae wrote:
> > Pacman now downloads the signature files for all packages when present in a
> > repository.  That makes distributing signatures within repository databases
> > redundant and costly.
> >
> > Do not distribute the package signature files within the repo databases by
> > default and add an --include-sigs to revert to the old behaviour.
>
> As I've mentioned on the list before, I would like an --ignore-sigs
> option and continue to distribute sigs by default for pacman 6.0

I agree with Eli here. "Using embedded signatures" should stay default
as long as we support clients with pacman 5.x version.

Otherwise we are going to hit problems when a repo maintainer updated
their system to pacman 6.x and started distributing optimized
databases without signatures while some clients still expect embedded
sigs.

So I vote for including sigs by default in pacman 6.0 release, and
then flip the default later (during 6.0.1 or 6.1 release).


More information about the pacman-dev mailing list