On 2011/4/11 Dan McGee <[email protected]> wrote: > On Sun, Apr 10, 2011 at 6:37 AM, Rémy Oudompheng > <[email protected]> wrote: >> These patches (partially already submitted before) make linking with >> gpgme optional, and also implement a configuration option for >> pacman to use an external tool for signature checking. >> The given example is "gpg --verify - $filename", but "/bin/true" >> could be used to totally bypass checking. > > You totally misread my TODO item, sorry, and I never intended someone > else to do this one but put it on the list in trying to be open about > things. :/ > > I meant nothing about letting an external tool validate signatures; as > a matter of fact I am highly against this. I only wanted gpgme and > signature checking to be an option that could be omitted when > compiling, for instance if someone decided to use this to manage > custom packages elsewhere with no intent of sharing publicly, or > another OS where gpg is not so readily available.
Gah I read "like we do with our download code" which looked exactly like I thought. However, I may understand that you don't want to merge this, even if I found the idea interesting. -- Rémy.
