On Sun, Jun 13, 2010 at 7:46 AM, Xavier Chantry <chantry.xavier@xxxxxxxxx> wrote: > On Sun, Jun 13, 2010 at 11:38 AM, Ananda Samaddar <ananda@xxxxxxxxxxxxxx> wrote: >> >> This is the reason why we need package signing for Pacman. I'm aware >> that some progress has been made and it's being worked on. Are there >> any updates? >> > > It's all there : http://projects.archlinux.org/users/allan/pacman.git/log/?h=gpg > and there : > http://wiki.archlinux.org/index.php/Package_Signing_Proposal_for_Pacman > > Come back to us when everything is implemented and working :) > > You can also read the last thread : > http://mailman.archlinux.org/pipermail/arch-general/2010-April/012897.html > And contact Denis A. Altoé Falqueto about pacman-key and all the rest, > and maybe Aleksis Jauntēvs too > > Basically there is no one leading and coordinating these efforts, just > various people who pushed it a bit at random time in the past, and got > quickly de-motivated by the lack of interest from everyone else. Yes, it's basically true. I'm ye a little motivated. I just don't have the time right now to do anything. I think I'll push pacman-key and some other things to the project on gitorious (http://gitorious.org/pacman-pkgsig). It is a fork of the sig branch of Allan's git repository, so that we can test things without the need to have commit rights on Allan's repo. Anyway, I'm trying to find some time to work on it as soon as possible, but I can't promise anything. This is my first time working with C in a big implementation, so this is other problem to deal with. And keep in mind that package signing per se will not solve this kind of problems. Repository database signing is more important for that solution, but is a problem in the current workflow of Arch developers. -- ------------------------------------------- Denis A. Altoe Falqueto -------------------------------------------
