On Tue, Aug 25, 2009 at 12:19 AM, Allan McRae<[email protected]> wrote: > Xavier wrote: >> >> Just to let you know that I resurrected the gpg branch there : >> http://code.toofishes.net/cgit/xavier/pacman.git/log/?h=gpg >> >> I took Dan's newgpg branch (with a few changes) : >> http://code.toofishes.net/cgit/dan/pacman.git/commit/?h=newgpg >> then merged the pending patches we had : >> http://archlinux.org/pipermail/pacman-dev/2008-December/007808.html >> http://archlinux.org/pipermail/pacman-dev/2008-December/007836.html >> http://archlinux.org/pipermail/pacman-dev/2008-December/007837.html >> and rebased it all on master. >> >> Actually I don't see what else needs to be done on the implementation >> side, it looks almost complete to me. >> >> Now the big remaining problem is everything related to key >> administration still needs to be figured out, and this is critical in >> term of security. >> But it might not need additional tool support. >> > > So... how about we set up a small signed package repo somewhere and just > see how this all goes? We are not going to know all the issues until we > actually use it. >
That's probably a good idea. I wish some people who actually knew how to use gnupg a bit could help though :)
