Re: [arch-dev-public] Can we trust our mirrors?




Aaron Griffin wrote:
When I last spoke to Dan, the biggest issue here was that gpg doesn't
have a library interface. We'd have to call the binary directly from
pacman.

1) There is gpgme! But what does it do? It calls the gpg command line tool (iirc).

2) So what? Let's use gnutls or openssl. We could create an arch root certificate and sign the developers' keys with it, and use RSA or (my preference) DSA signatures. Then you can do it all on a library level.

Attachment: signature.asc
Description: OpenPGP digital signature

