On 2011/5/21 Kerrick Staley <[email protected]> wrote: >> Note that how Arch will deal with signing in their repos is being > finalised >> elsewhere, but to reiterate, that has nothing to do with the pacman >> implementation. > Where? > >> This is why it needs to be kept completely separate from discussions about >> implementing signature verification work in pacman. > Eh? pacman-dev is the most relevant list I've found for discussion of this > issue. The key-signing mechanism in pacman (in particular, its ease-of-use) > has a direct impact on its adoption, and the two conversations should not be > separated.
Hello Kerrick, There is no such key-signing mechanism in pacman, and there no plan to have such a thing. Keys are signed using the standard GPG utilities and are completely up to the packagers and repository admins. Details about the implementation chosen by Archlinux can be discussed on [email protected]. You may also find discussions in archives of [email protected]. Rémy.
