On Sat, 2011-02-19 at 20:05 +0100, Alf Gaida wrote: > >Yeah! Archers deserve to die! > > > >But really I'm not convinced by this hyper-paranoia trash. > >There will always be ways to compromise your machine. Someone who would > >go through the trouble of setting up a proxy mirror and injecting > >malicious code into seemingly normal packages is probably going to find > >other ways. Package signing will not protect you. > > > >You will never be safe. > >The truth is out there. > This is opensource - if you would create real trouble, just help with kernel- > modules. ;) The only difference is, in other distributions these errors came > through your system signed. > > Why hacking, when simple development is so easy? >
I don't understand what you are saying, but in short. You can't force Allan / any pacman-dev to create package signing for pacman. If you really want to get this feature into pacman/archlinux (dbscripts etc. needs to be redone too): -read the code -add patches -wait for devs to sign them off on a side note: http://media.ccc.de/browse/congress/2010/27c3-4295-en-high_speed_high_security_cryptography.html -- Jelle van der Waa
signature.asc
Description: This is a digitally signed message part