On Mon, Aug 24, 2009 at 5:28 PM, Xavier<[email protected]> wrote: > On Tue, Aug 25, 2009 at 12:19 AM, Allan McRae<[email protected]> wrote: >> Xavier wrote: >>> >>> Just to let you know that I resurrected the gpg branch there : >>> http://code.toofishes.net/cgit/xavier/pacman.git/log/?h=gpg >>> >>> I took Dan's newgpg branch (with a few changes) : >>> http://code.toofishes.net/cgit/dan/pacman.git/commit/?h=newgpg >>> then merged the pending patches we had : >>> http://archlinux.org/pipermail/pacman-dev/2008-December/007808.html >>> http://archlinux.org/pipermail/pacman-dev/2008-December/007836.html >>> http://archlinux.org/pipermail/pacman-dev/2008-December/007837.html >>> and rebased it all on master. >>> >>> Actually I don't see what else needs to be done on the implementation >>> side, it looks almost complete to me. >>> >>> Now the big remaining problem is everything related to key >>> administration still needs to be figured out, and this is critical in >>> term of security. >>> But it might not need additional tool support. >>> >> >> So... how about we set up a small signed package repo somewhere and just >> see how this all goes? We are not going to know all the issues until we >> actually use it. >> > > That's probably a good idea. > I wish some people who actually knew how to use gnupg a bit could help though > :)
I did a whole lot of looking and working on this today while sitting in the jury waiting room (and woo, I got picked to be on a jury, meh). I've actually worked my way back through the original patches and am about halfway through what Xavier has on his branch, and I've actually added another 3 or 4 patches to the mix. I'll try to push the "results" somewhere public tonight. I do feel the momentum on this whole thing actually moving in the right direction, however, so that is awesome. Hopefully I will be able to continue the patch processing and tidying and keep looking at this throughout the week. -Dan
