[Dev] Package signing policy

Nicolás Reynolds fauno at kiwwwi.com.ar
Wed Dec 21 21:35:15 GMT 2011


On Wed, 21 Dec 2011 14:00:42 -0300, Nicolás Reynolds <fauno at kiwwwi.com.ar> wrote:
> On Mon, 5 Dec 2011 16:40:12 -0300, Nicolás Reynolds <fauno at kiwwwi.com.ar> wrote:
> > 
> > Hi, I've asked angvp from Arch about the package signing policy that Arch will
> > have. Apparently nothing's decided yet, but they're implementing this:
> > 
> > * There will be 5 "master keys" from 5 notorious Arch devs
> > 
> > * A packager key must be signed for at least 3 of the master keys to upload
> >   packages
> > 
> > * This policy will be coded in dbscripts 
> > 
> > * Pacman does other stuff
> > 
> > * Keys would be signed by other Arch packagers
> OB> 
> > Disclaimer: this is my own interpretation of what angvp told me ;)
> > 
> > He'll document himself a little more to give us information. But I think now is
> > the moment to define our own package signing policy.
> > 
> > IMO they should be simple and democratic :D
> 
> 
> Bump!

I'm attaching a log from #parabola
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: package-signing.log
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20111221/34878160/attachment.log>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20111221/34878160/attachment.sig>


More information about the Dev mailing list