FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux Development

 
 
LinkBack Thread Tools
 
Old 11-01-2011, 01:40 PM
Pierre Schmitz
 
Default FYI: New packages have to be signed

Hi all,

as discussed all new packages have to be signed from now on. This mean
that if you use a build server you have to download the package to
create the signature. Also see
https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages

A new version of devtools will follow soon.

Greetings,

Pierre

--
Pierre Schmitz, http://pierre-schmitz.com
 
Old 11-01-2011, 01:40 PM
Pierre Schmitz
 
Default FYI: New packages have to be signed

Hi all,

as discussed all new packages have to be signed from now on. This mean
that if you use a build server you have to download the package to
create the signature. Also see
https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages

A new version of devtools will follow soon.

Greetings,

Pierre

--
Pierre Schmitz, http://pierre-schmitz.com
 
Old 11-01-2011, 02:04 PM
Smartboy
 
Default FYI: New packages have to be signed

Just wondering, as a user, does this mean Pacman will now complain if one
builds and installs unsigned packages from the AUR?

Smartboy

On Tue, Nov 1, 2011 at 7:40 AM, Pierre Schmitz <pierre@archlinux.de> wrote:

> Hi all,
>
> as discussed all new packages have to be signed from now on. This mean
> that if you use a build server you have to download the package to
> create the signature. Also see
> https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages
>
> A new version of devtools will follow soon.
>
> Greetings,
>
> Pierre
>
> --
> Pierre Schmitz, http://pierre-schmitz.com
>
 
Old 11-01-2011, 04:53 PM
Philipp Überbacher
 
Default FYI: New packages have to be signed

Excerpts from Pierre Schmitz's message of 2011-11-01 15:40:53 +0100:
> Hi all,
>
> as discussed all new packages have to be signed from now on. This mean
> that if you use a build server you have to download the package to
> create the signature. Also see
> https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages
>
> A new version of devtools will follow soon.
>
> Greetings,
>
> Pierre

Did this go to the right list? Was it only meant for TUs? If neither,
please elaborate.

Philipp
 
Old 11-01-2011, 05:05 PM
Kwpolska
 
Default FYI: New packages have to be signed

On Tue, Nov 1, 2011 at 4:04 PM, Smartboy <smartboyathome@gmail.com>
wrote:> Just wondering, as a user, does this mean Pacman will now
complain if one> builds and installs unsigned packages from the AUR?
nope, pacman -U would work the same way.
>> Smartboy>> On Tue, Nov 1, 2011 at 7:40 AM, Pierre Schmitz <pierre@archlinux.de> wrote:>>> Hi all,>>>> as discussed all new packages have to be signed from now on. This mean>> that if you use a build server you have to download the package to>> create the signature. Also see>> https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages>>>> A new version of devtools will follow soon.>>>> Greetings,>>>> Pierre>>>> -->> Pierre Schmitz, http://pierre-schmitz.com>>>
* * *

On Tue, Nov 1, 2011 at 6:53 PM, Philipp Überbacher
<hollunder@lavabit.com> wrote:
> Excerpts from Pierre Schmitz's message of 2011-11-01 15:40:53 +0100:
>> Hi all,
>>
>> as discussed all new packages have to be signed from now on. This mean
>> that if you use a build server you have to download the package to
>> create the signature. Also see
>> https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages
>>
>> A new version of devtools will follow soon.
>>
>> Greetings,
>>
>> Pierre
>
> Did this go to the right list? Was it only meant for TUs? If neither,
> please elaborate.
>
> Philipp
>
>

> To: Public mailing list for Arch Linux development>*<arch-dev-public@archlinux.org>, "Discussion about the Arch User Repository>*(AUR)" <aur-general@archlinux.org>
--
Kwpolska <http://kwpolska.tk>
stop html mail * * *| always bottom-post
www.asciiribbon.org | www.netmeister.org/news/learn2quote.html
GPG KEY: 5EAAEA16 * | Arch Linux x86_64, zsh, mutt, vim.
# vim:set textwidth=70:
 
Old 11-01-2011, 05:11 PM
Jelle van der Waa
 
Default FYI: New packages have to be signed

On 01/11/11 18:53, Philipp Überbacher wrote:

Excerpts from Pierre Schmitz's message of 2011-11-01 15:40:53 +0100:

Hi all,

as discussed all new packages have to be signed from now on. This mean
that if you use a build server you have to download the package to
create the signature. Also see
https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages

A new version of devtools will follow soon.

Greetings,

Pierre


Did this go to the right list? Was it only meant for TUs? If neither,
please elaborate.

Philipp


Yes this is only for TU's

--
Jelle van der Waa
 
Old 11-01-2011, 05:14 PM
Smartboy
 
Default FYI: New packages have to be signed

Alright, disregard my reply. Sorry. ^^;

Smartboy
 
Old 11-01-2011, 05:14 PM
Ionut Biru
 
Default FYI: New packages have to be signed

On 11/01/2011 05:04 PM, Smartboy wrote:

Just wondering, as a user, does this mean Pacman will now complain if one
builds and installs unsigned packages from the AUR?



it won't complain because SignLevel is Optional TrustedOnly, which means
that it will check if a signature is available.



p.s top posting sucks


Smartboy

On Tue, Nov 1, 2011 at 7:40 AM, Pierre Schmitz<pierre@archlinux.de> wrote:


Hi all,

as discussed all new packages have to be signed from now on. This mean
that if you use a build server you have to download the package to
create the signature. Also see
https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages

A new version of devtools will follow soon.

Greetings,

Pierre

--
Pierre Schmitz, http://pierre-schmitz.com




--
IonuÈ›
 
Old 11-02-2011, 08:57 AM
Thomas Bächler
 
Default FYI: New packages have to be signed

Am 01.11.2011 19:05, schrieb Kwpolska:
> On Tue, Nov 1, 2011 at 4:04 PM, Smartboy <smartboyathome@gmail.com>
> wrote:> Just wondering, as a user, does this mean Pacman will now
> complain if one> builds and installs unsigned packages from the AUR?

The default SigLevel is "Optional" for now. This should be changed to
"PackageRequired" or "Required" IMO, but then you can't install unsigned
packages with pacman -U any more. Maybe pacman -U --no-signature should
exist.
 

Thread Tools




All times are GMT. The time now is 11:53 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org