[Dev] Package signing policy
Nicolás Reynolds
fauno at kiwwwi.com.ar
Wed Dec 21 17:00:42 GMT 2011
On Mon, 5 Dec 2011 16:40:12 -0300, Nicolás Reynolds <fauno at kiwwwi.com.ar> wrote:
>
> Hi, I've asked angvp from Arch about the package signing policy that Arch will
> have. Apparently nothing's decided yet, but they're implementing this:
>
> * There will be 5 "master keys" from 5 notorious Arch devs
>
> * A packager key must be signed for at least 3 of the master keys to upload
> packages
>
> * This policy will be coded in dbscripts
>
> * Pacman does other stuff
>
> * Keys would be signed by other Arch packagers
OB>
> Disclaimer: this is my own interpretation of what angvp told me ;)
>
> He'll document himself a little more to give us information. But I think now is
> the moment to define our own package signing policy.
>
> IMO they should be simple and democratic :D
Bump!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20111221/e5fd0988/attachment.sig>
More information about the Dev
mailing list