[Dev] Package signing policy

Luke T.Shumaker lukeshu at sbcglobal.net
Mon Dec 5 22:50:45 GMT 2011

At Mon, 5 Dec 2011 16:40:12 -0300,
Nicolás Reynolds wrote:
> Hi, I've asked angvp from Arch about the package signing policy that Arch will
> have. Apparently nothing's decided yet, but they're implementing this:
> * There will be 5 "master keys" from 5 notorious Arch devs
> * A packager key must be signed for at least 3 of the master keys to upload
>   packages
> * This policy will be coded in dbscripts 
> * Pacman does other stuff
> * Keys would be signed by other Arch packagers
> Disclaimer: this is my own interpretation of what angvp told me ;)
> He'll document himself a little more to give us information. But I think now is
> the moment to define our own package signing policy.
> IMO they should be simple and democratic :D

Agreed, Arch's policy sounds no fun.

But also, I should note that parabolaweb has already inherited Arch's
master key management app.


... and it looks like you've already noticed it.

~ Luke Shumaker

More information about the Dev mailing list