On Wednesday, February 5, 2020 3:55 AM, Eli Schwartz via arch-general <arch-general@xxxxxxxxxxxxx> wrote: > On 2/2/20 4:59 PM, Christopher W. via arch-general wrote: > > > Hi. The wiki states that database signatures for pacman are currently > > a work in progress. It's been that way for a long time, so I assume > > there is no "progress" happening. What is currently in the way of this > > much-needed security feature to be fully implemented? > > As Levente said, this is supported by pacman, but not by Arch Linux -- > and the reason for the latter is that it is complicated to come up with > a signing scheme which everyone is happy with. It needs to support > remote server signing by any of 74 different authorized individuals. > > Hopefully there will be wonderful news soon. In the meantime, I for one > make sure that my personal repository hosted on https://pkgbuild.com > includes database signatures. Has there been any update or progress in this area?
