On 2011/5/21 ari edelkind <[email protected]> wrote: >> To be honest, I have very little idea about pacman "program flow". I >> follow something like this every time I go to dig deeper into the pacman >> code and fix something: >> >> http://allanmcrae.com/2010/11/basic-overview-of-pacman-code/ > > This is quite useful. > I should say, however, that i wasn't actually referring to pacman > program flow -- i was referring specifically to the flow of the > signing/verification process, as it's intended to operate.
There is not really any flow: the signatures are downloaded along with the package, and the MD5 check is supplemented/replaced by a signature check (which is essentially a single call to libgpgme). Same process for databases. -- Rémy.
