On 8/10/20 5:34 PM, Anatol Pomozov wrote: > Switching from embedded to detached signatures is a big change. This > feature needs to be thoroughly tested before embedded signatures will be > completely removed from the database. > > To help with detached signatures testing we enable it by default. But in > case if an user needs to go back to embedded signatures we add a config > option to reenable it - "UseEmbeddedSignatures". What is the purpose of this? Either signature source should be equivalent, and you should be able to trivially test this by creating a repo with unsigned packages, then bulk-signing the packages after they were repo-added. I don't believe that pacman should include such an end-user option purely to double-check whether a current feature actually works.
-- Eli Schwartz Bug Wrangler and Trusted User
signature.asc
Description: OpenPGP digital signature
