On Wed, Feb 03, 2010 at 07:55:10PM +0100, Laszlo Papp wrote: > On Wed, Feb 3, 2010 at 7:42 PM, Florian Friesdorf <[email protected]> wrote: > > On Wed, Feb 03, 2010 at 09:32:12PM +0300, Lex Rivera wrote: > >> On 03/02/10 19:10, Florian Friesdorf wrote: > >> > > >> > What about a peer trust network? Publishing packages on the AUR would > >> > involve giving an pgp public key. People sign their PKGBUILDs using > >> > their private key. People can define trust relationships towards other > >> > people ("I trust this person to write good PKGBUILDs" and "I trust this > >> > person's trust in other's"). Being a TU would mean to be signed by the > >> > TU-Authority (or whatever) and trusting the TU authority's trust would > >> > mean you can install packages that are created by TU's. > >> > >> Peer trust network? Isn't that too hard for ordinary user? Download > >> key, import it, set trust level... If there will be some list of > >> "Checked Users" this will be easier and friendlier. But peer trust net > >> is nice idea anyway. > > > > yaourt could ship with the TU-Auth's public key and it's default > > configuration could be to trust packages by people that are signed by > > the TU-Auth. > > > > key management should further be integrated into yoaurt (or the like) > > Yaourt is not supported officially, and it's buggy and abandoned > program at this momment, and it has got a very bad design concept to > parse URLs directly, so much people wouldn't like to use it ...
Well, what are people using to install packages from AUR? -- Florian Friesdorf <[email protected]> GPG FPR: EA5C F2B4 FBBB BA65 3DCD E8ED 82A1 6522 4A1F 4367 Jabber/XMPP: [email protected] OTR FPR: 9E191746 213321FE C896B37D 24B118C0 31785700 IRC: chaoflow on freenode,ircnet,blafasel,OFTC
pgpv58FXQzYvK.pgp
Description: PGP signature
