On Tue, Jun 15, 2010 at 10:57 AM, Dimitrios Apostolou <jimis@xxxxxxx> wrote: > On Mon, 14 Jun 2010, Denis A. Altoé Falqueto wrote: >> >> And keep in mind that package signing per se will not solve this kind >> of problems. Repository database signing is more important for that >> solution, but is a problem in the current workflow of Arch developers. > > How exactly is core and extra database populated? > > Moreover, instead of building all packages in the private PCs of developers, > I think it is preferable to submit PKGBUILDs to build servers (via web > interface maybe) and let the servers do the build + signing + repoupdate... > That way if a developer's system gets compromised his packages will stay > clean. Of course that needs extra work and equipment, but perhaps we can > agree to it as a future target. Well, in fact, that is the very problem we have. The repository database files are created remotely and I think that we should avoid signing files remotely. In fact, a dev's machine is less visible than the servers of Arch. And sse the response from Ionut too. I was thinking (see the wiki page for details) in a way to break the creation of the repo db files in two stages. It probably will be transparent for the developers. One stage creates the db file and the other signs, but that must be done locally. I think that creating an MD5 checksum and signing just that can be a solution. -- A: Because it obfuscates the reading. Q: Why is top posting so bad? ------------------------------------------- Denis A. Altoe Falqueto -------------------------------------------
