Doubt about signed packages.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: arch-general@xxxxxxxxxxxxx
Subject: Doubt about signed packages.
From: "Keerthan jai.c" <jckeerthan@xxxxxxxxx>
Date: Tue, 1 Mar 2011 12:50:08 +0530
Reply-to: General Discussion about Arch Linux <arch-general@xxxxxxxxxxxxx>

Why can't we do this?

1) Keep hashes of {core,extra,community,multilib}.db in plaintext in
keys.archlinux.org or something
2) while syncing pacman compares the hashes of the downloaded dbs from the
main server ensuring that the packages are not tampered!

-- 
have a nice day
-jck

Follow-Ups:
- Re: Doubt about signed packages.
  - From: Ng Oon-Ee

Prev by Date: Re: [arch-dev-public] [signoff] ncurses-5.8-1
Next by Date: Re: [arch-dev-public] [signoff] ncurses-5.8-1
Previous by thread: GSoC 2011
Next by thread: Re: Doubt about signed packages.
Index(es):
- Date
- Thread

[Index of Archives] [Linux Wireless] [Linux Kernel] [ATH6KL] [Linux Bluetooth] [Linux Netdev] [Kernel Newbies] [Share Photos] [IDE] [Security] [Git] [Netfilter] [Bugtraq] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Linux ATA RAID] [Samba] [Device Mapper]

Powered by Linux