On 2/2/20 4:59 PM, Christopher W. via arch-general wrote: > Hi. The wiki states that database signatures for pacman are currently > a work in progress. It's been that way for a long time, so I assume > there is no "progress" happening. What is currently in the way of this > much-needed security feature to be fully implemented? As Levente said, this is supported by pacman, but not by Arch Linux -- and the reason for the latter is that it is complicated to come up with a signing scheme which everyone is happy with. It needs to support remote server signing by any of 74 different authorized individuals. Hopefully there will be wonderful news soon. In the meantime, I for one make sure that my personal repository hosted on https://pkgbuild.com includes database signatures. -- Eli Schwartz Bug Wrangler and Trusted User
Attachment:
signature.asc
Description: OpenPGP digital signature
