On Mon, Dec 15, 2008 at 2:11 PM, Gerhard Brauer <[email protected]> wrote: > Am Mon, 15 Dec 2008 13:50:49 -0600 > schrieb Chris Brannon <[email protected]>: >> I think pacman should at least complain if the signing key is not >> found in the public keyring. Thoughts? > > IMHO pacman should refuse to install anything from core and extra if > the signature is not found or corrupted. > I don't know what to to with community (maybe a second keyring with > TU signatures?)
Pacman knows nothing about [core], [extra], and [community], so this will not be possible. However, I had considered a few possibilities for this type of stuff and this was the best I could think of: One shared keyring for all repos. Under each repository section, we would have a VerifySignatures option or something similar, which would take values of "Always", "Optional", or "Never", with one of these as a sane default. We would fail when set to "Always" if packages had no signature, we didn't have the signature on the package, or if the signature was invalid. For optional, we would verify the signature if it was there and we had it in our keychain; spit a warning otherwise but continue on. Never seems self explanatory > My thoughts were to make a option to each repo section in pacman.conf. > With this option: Keyring = /foo/bar we have an indicator that pacman > should check for correct signatures and users could have their > unsigned or self-signed repos additionally. Ha! We think alike. I actually typed the above before I read this. -Dan _______________________________________________ pacman-dev mailing list [email protected] http://archlinux.org/mailman/listinfo/pacman-dev
