On 04/02/11 11:41, Denis A. Altoé Falqueto wrote:
Hi, Allan and friends :)
I'm working on the items of the todo list [1] for package signing and
have a question with the item of the subject of this email.
Basically, what should be the list of accepted keys? The keys in
pacman's keyring? Probably yes, isn't it? So the signature is made
with a key from user's keyring (be it the default or one passed as
parameter) and the verifying should be made with pacman's keyring?
Just asking to be sure.
[1] https://wiki.archlinux.org/index.php/User:Allan/Package_Signing
Essentially I am not so sure myself!
This TODO came from a note in the "repo-add: add -v/--verify option"
commit message. But in the end, I would think the pacman keyring
should be used for verification here as separation from the users
keyring is probably preferable.
Allan
