On 28.04.2017 14:41, Megver83 wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi everyone, I just wrote > https://wiki.parabola.nu/Pacman_troubleshooting so for the ones who > have problems with keys see > https://wiki.parabola.nu/Pacman_troubleshooting#Errors_about_Keys > > This should also appear in Parabola news, since the commands given > there are incorrect. It's better to give the link to this wiki page. > > - -- > SIP: [email protected] > XMPP: [email protected] > Tox: [email protected] > GPG: 0x227CA7C556B2BA78 > GNUSocial: @[email protected] > Diaspora*: David P. (same XMPP ID) > -----BEGIN PGP SIGNATURE----- > > iQEzBAEBCgAdFiEEbbnEtPDYwNxDLPbkInynxVayungFAlkDOGQACgkQInynxVay > ungxKgf/XXo/s63/3eFWG2vGzoyMylvagq2MVEL9Hxah4MO1kGHTXq6A+gE1WnzK > 5jutA15L0FkgJeAfBhVwDBfMs0Y9e2ozWHy2x0lKt4HsnmpkJy16qmOW8xE26Eza > YBodb6f3t2M2mJ7eAgNIs0u4rsYziQiJn+VLnCRkIxMsKUT8DkrTREW1rIx3q2ZE > FwT64UHAcYgoXSRbxnGUhJHEH3u+b0Bys9yIxIndDes0F5RY6egL7PIS0POPUYbp > 6HHBsPoBfwPcfp4wXBaah5m5IzgaaGW7I5R7pYk3FBhctfM5a6648Zqk1sTwfqYO > JTufCYt0E+QZZdos2kcM5qgWmSS8qw== > =eQgv > -----END PGP SIGNATURE----- > _______________________________________________ > Dev mailing list > [email protected] > https://lists.parabola.nu/mailman/listinfo/dev >
Sorry, but what you are suggesting in the wiki can not be called a solution in my honest opinion. Packages are signed to ensure that they are coming from a trusted source. Which in turn allows me to trust my system. Allowing distrusted packages to install breaks that trust, requiring a reinstall to rebuild it. Because there is no straightforward way to be certain that nothing malicious found it's way onto the system. I furthermore think that it is quite concerning to provide that as a solution. Especially considering parabolas context as a distribution that only provides free software. Which among other things is about trust. In my opinion the only viable solution to this problem is providing a fixed parabola-keyring package that is signed by an already trusted key. And maybe even to stop doing automatic builds for the package that basically is the foundation of trust for parabola _______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
