On Sat, 2011-02-19 at 20:05 +0100, Alf Gaida wrote:
> >Yeah! Archers deserve to die!
> >But really I'm not convinced by this hyper-paranoia trash.
> >There will always be ways to compromise your machine. Someone who would
> >go through the trouble of setting up a proxy mirror and injecting
> >malicious code into seemingly normal packages is probably going to find
> >other ways. Package signing will not protect you.
> >You will never be safe.
> >The truth is out there.
> This is opensource - if you would create real trouble, just help with kernel-
The only difference is, in other distributions these errors came
> through your system signed.
> Why hacking, when simple development is so easy?
I don't understand what you are saying, but in short.
You can't force Allan / any pacman-dev to create package signing for
pacman. If you really want to get this feature into pacman/archlinux
(dbscripts etc. needs to be redone too):
-read the code
-wait for devs to sign them off
on a side note:
Jelle van der Waa