On 2011/6/1 Kerrick Staley <[email protected]> wrote: >> tl;dr. You seem to have issues separating what happens here on >> pacman-dev from what happens in Arch Linux. Although the majority of >> pacman's userbase _is_ indeed Arch Linux, we maintain portability to >> OSX, cygwin, and the BSDs. Anything to do with Arch Linux packages >> _specifically_ has no effect on our ability to roll out a new release of >> pacman. > > Security is a system, not a line of code, and other distributions will > need to implement a secure system if they want to use pacman as their > package manager. Hence, broader discussion about the implementation of > signing should take place on this list; anything specific to Arch can > be generalized to other distributions. You're correct in that we don't > have to wait on the infrastructure to ship an updated pacman, but I'm > personally only interested in achieving a working implementation of > package signing on Arch Linux, and so I will frame my discussion > appropriately. Perhaps I could have clarified that "Blocking" and > "Non-Blocking" are relative to this goal.
Hello Kerrick, As you say, pacman is not a system, just lines of code, it provides tools to use gpg as a security system, and any system discussions go to [email protected]. Few Archlinux developers, as far as I know, read the pacman-dev mailing-list. Rémy.
