On 9/7/20 1:05 pm, Anatol Pomozov wrote: > Given this information I would like to propose to stop using embedded > signatures and move to detached signatures by default. This will > require pacman 6.x or as alternative backport the fix(es) to 5.x > branch. It will help to make system updates even faster, something > that me and many other Arch users really love.
There are several steps we need to complete: 1) backport the patch (or wait for pacman-6.0, which may be a while yet). I'll leave that to the distro packagers to decide! 2) adjust repo-add to optionally add signatures. 3) make a time line that all users need to have the patched/released pacman installed - we usually require at least 6 months. 4) turn off signature inclusion in repo dbs. Allan