[Dev] Package signing policy
Nicolás Reynolds
fauno at kiwwwi.com.ar
Mon Dec 5 19:40:12 GMT 2011
Hi, I've asked angvp from Arch about the package signing policy that Arch will
have. Apparently nothing's decided yet, but they're implementing this:
* There will be 5 "master keys" from 5 notorious Arch devs
* A packager key must be signed for at least 3 of the master keys to upload
packages
* This policy will be coded in dbscripts
* Pacman does other stuff
* Keys would be signed by other Arch packagers
Disclaimer: this is my own interpretation of what angvp told me ;)
He'll document himself a little more to give us information. But I think now is
the moment to define our own package signing policy.
IMO they should be simple and democratic :D
--
Salud!
Nicolás Reynolds,
xmpp:fauno at kiwwwi.com.ar
omb:http://identi.ca/fauno
OTR: C0CB1F0F 01DB5E18 2D634C2A A4626858 E7C7C3A2
http://parabolagnulinux.org
http://endefensadelsl.org
"Freedom [...] is messy" ~ Eben Moglen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20111205/f7d27a76/attachment.sig>
More information about the Dev
mailing list