[Dev] Package signing policy

Nicolás Reynolds fauno at kiwwwi.com.ar
Mon Dec 5 19:40:12 GMT 2011

Hi, I've asked angvp from Arch about the package signing policy that Arch will
have. Apparently nothing's decided yet, but they're implementing this:

* There will be 5 "master keys" from 5 notorious Arch devs

* A packager key must be signed for at least 3 of the master keys to upload

* This policy will be coded in dbscripts 

* Pacman does other stuff

* Keys would be signed by other Arch packagers

Disclaimer: this is my own interpretation of what angvp told me ;)

He'll document himself a little more to give us information. But I think now is
the moment to define our own package signing policy.

IMO they should be simple and democratic :D

Nicolás Reynolds,
xmpp:fauno at kiwwwi.com.ar

OTR: C0CB1F0F 01DB5E18 2D634C2A A4626858 E7C7C3A2


"Freedom [...] is messy" ~ Eben Moglen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20111205/f7d27a76/attachment.sig>

More information about the Dev mailing list