Re: [arch-dev-public] [aur-general] AUR migration

2020-07-28 Thread Giancarlo Razzolini via arch-dev-public
Em julho 28, 2020 9:46 Filipe Laíns escreveu: On Mon, 2020-07-27 at 14:43 -1000, Gaetan Bisson via arch-dev-public wrote: [2020-07-27 21:10:23 -0300] Giancarlo Razzolini: > Em julho 27, 2020 21:03 Gaetan Bisson escreveu: > > It's quite unsettling that we seem to be rushing to write a news post

Re: [arch-dev-public] [aur-general] AUR migration

2020-07-28 Thread Filipe Laíns via arch-dev-public
On Mon, 2020-07-27 at 14:43 -1000, Gaetan Bisson via arch-dev-public wrote: > [2020-07-27 21:10:23 -0300] Giancarlo Razzolini: > > Em julho 27, 2020 21:03 Gaetan Bisson escreveu: > > > It's quite unsettling that we seem to be rushing to write a news post > > > while this very reasonable suggestion

Re: [arch-dev-public] [aur-general] AUR migration

2020-07-28 Thread Gaetan Bisson via arch-dev-public
[2020-07-28 13:46:23 +0100] Filipe Laíns: > If one machine gets compromised the keys are also compromised. I never suggested to use the same keys for multiple servers. Only that if luna's main purpose is to provide a service and this service is moved to a different host, it makes sense to move

Re: [arch-dev-public] [aur-general] AUR migration

2020-07-28 Thread Eli Schwartz via arch-dev-public
On 7/28/20 4:13 PM, Gaetan Bisson via arch-dev-public wrote: > [2020-07-28 13:46:23 +0100] Filipe Laíns: >> If one machine gets compromised the keys are also compromised. > > I never suggested to use the same keys for multiple servers. > > Only that if luna's main purpose is to provide a service

Re: [arch-dev-public] [aur-general] AUR migration

2020-07-28 Thread Baptiste Jonglez
On 27-07-20, Giancarlo Razzolini via aur-general wrote: > Em julho 27, 2020 21:03 Gaetan Bisson escreveu: > > > > It's quite unsettling that we seem to be rushing to write a news post > > while this very reasonable suggestion remains completely ignored. > > > > It wasn't ignored. They keys were

Re: [arch-dev-public] Use detached package signatures by default

2020-07-28 Thread Anatol Pomozov via arch-dev-public
Hi On Wed, Jul 8, 2020 at 8:22 PM Allan McRae via arch-dev-public wrote: > > On 9/7/20 1:05 pm, Anatol Pomozov wrote: > > Given this information I would like to propose to stop using embedded > > signatures and move to detached signatures by default. This will > > require pacman 6.x or as

Re: [arch-dev-public] Use detached package signatures by default

2020-07-28 Thread Giancarlo Razzolini via arch-dev-public
Em julho 28, 2020 16:26 Anatol Pomozov via arch-dev-public escreveu: It sounds great. If we go this route for pacman 6.0 then it will take about 1 year to switch to the detached signatures. As it is quite an important change I would love to see its codepath tested as much as possible before we

Re: [arch-dev-public] [aur-general] AUR migration

2020-07-28 Thread Giancarlo Razzolini via arch-dev-public
Em julho 27, 2020 21:03 Gaetan Bisson escreveu: It's quite unsettling that we seem to be rushing to write a news post while this very reasonable suggestion remains completely ignored. It wasn't ignored. They keys were deliberately changed in the process. For future migrations I would