Gerhard Brauer <[email protected]> writes: > a) The Keyring= Option indicates pacman if the signing framework should > be used > > b) This var signals pacman where to find the public keyring for this > repo. AND we could have different keyrings for repos. > Ex.: the TU (if community packages get signed) fluctuation is IMHO > bigger than on the Developers side. So keyring updates are more often > necassary on community/TU side. And myself find it better to have the > TUs signatures/trustlevel not in the same keyring like developers > (core,extra) keyring for package signing. > > c) With this var a extern repo (ex. the france yaourt repo) could > offers also signed packages - and a properly public keyring.
If I understand gpgme correctly, you can't just tell it to use a public keyring from a given file. This applies to the gpg binary as well. GnuPG's paradigm is one of home directories. You specify a GnuPG home directory, such as ~/.gnupg or /etc/pacman.d/gnupg, and it looks for pubring.gpg and other necessary files in that place. One possibility is to allow overriding of GPGDir on a per-repo basis. Regards, -- Chris _______________________________________________ pacman-dev mailing list [email protected] http://archlinux.org/mailman/listinfo/pacman-dev
