[Dev] Package signing policy
Luke T. Shumaker
lukeshu at sbcglobal.net
Mon Dec 5 22:50:45 GMT 2011
At Mon, 5 Dec 2011 16:40:12 -0300,
Nicolás Reynolds wrote:
> Hi, I've asked angvp from Arch about the package signing policy that Arch will
> have. Apparently nothing's decided yet, but they're implementing this:
>
> * There will be 5 "master keys" from 5 notorious Arch devs
>
> * A packager key must be signed by at least 3 of the master keys to upload
> packages
>
> * This policy will be coded in dbscripts
>
> * Pacman does other stuff
>
> * Keys would be signed by other Arch packagers
>
> Disclaimer: this is my own interpretation of what angvp told me ;)
>
> He'll document himself a little more to give us information. But I think now is
> the moment to define our own package signing policy.
>
> IMO they should be simple and democratic :D
Agreed, Arch's policy sounds no fun.
But also, I should note that parabolaweb has already inherited Arch's
master key management app.
https://parabolagnulinux.org/master-keys/
... and it looks like you've already noticed it.
~ Luke Shumaker
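
The 3-of-5 rule quoted above, as an added example that is not part of the original message and is not Arch's dbscripts code: it counts the distinct master keys that hold a verified, unrevoked certification on a packager key, reading the output of `gpg --check-sigs --with-colons`. The key IDs, names and sample listing are constructed, and the function names are hypothetical.

```python
# Added example. Input is the text printed by
#   gpg --check-sigs --with-colons <packager key>
# All key IDs below are constructed placeholders, not real Arch or Parabola keys.

MASTER_KEYS = {  # assumption: long key IDs of the 5 master keys
    "AAAAAAAAAAAAAAA1", "AAAAAAAAAAAAAAA2", "AAAAAAAAAAAAAAA3",
    "AAAAAAAAAAAAAAA4", "AAAAAAAAAAAAAAA5",
}
THRESHOLD = 3  # "signed by at least 3 of the master keys"

# Constructed listing: self-signature, a duplicate signature from master 1,
# a bad signature from master 3, a revoked certification from master 4,
# and a signature from a non-master key.
SAMPLE = """\
pub:u:4096:1:CCCCCCCCCCCCCCC0:1322000000:::u:::scESC:
uid:u::::1322000000::HASH::Example Packager <packager@example.org>:
sig:!::1:CCCCCCCCCCCCCCC0:1322000000::::Example Packager:13x:
sig:!::1:AAAAAAAAAAAAAAA1:1322100000::::Master One:10x:
sig:!::1:AAAAAAAAAAAAAAA1:1322100500::::Master One:10x:
sig:!::1:AAAAAAAAAAAAAAA2:1322100000::::Master Two:10x:
sig:-::1:AAAAAAAAAAAAAAA3:1322100000::::Master Three:10x:
sig:!::1:AAAAAAAAAAAAAAA4:1322100000::::Master Four:10x:
rev:!::1:AAAAAAAAAAAAAAA4:1322200000::::Master Four:30x:
sig:!::1:BBBBBBBBBBBBBBB9:1322100000::::Other Packager:10x:
"""


def master_signers(colon_output, master_keys=MASTER_KEYS):
    """Return the master keys with a verified, unrevoked certification."""
    certified, revoked = set(), set()
    for line in colon_output.splitlines():
        fields = line.split(":")
        if len(fields) < 5 or fields[0] not in ("sig", "rev"):
            continue
        signer = fields[4].upper()
        # Field 2 is "!" only when gpg verified the signature; "-", "?" and
        # "%" (bad, missing key, error) must never count toward the threshold.
        if signer not in master_keys or fields[1] != "!":
            continue
        (certified if fields[0] == "sig" else revoked).add(signer)
    # Conservative: any verified revocation from a master key drops that key.
    return certified - revoked


def may_upload(colon_output, threshold=THRESHOLD):
    """Apply the threshold to distinct master keys, not to signature count."""
    return len(master_signers(colon_output)) >= threshold
```

On the sample, five signature lines name master keys but only two master keys count, so the packager key falls short of the threshold.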