07-18-2011, 04:26 AM
Dave Reisner
Documented SigLevel in pacman.conf.5.txt

On Sun, Jul 17, 2011 at 11:06:29PM -0500, Kerrick Staley wrote:
> Added the documentation for the SigLevel to pacman.conf.5.txt; the code
> that implements this will be put into place with the next commit.

A general comment -- we write our commit messages in the present tense,
rather than the past. You'll find that this is a general trend across
most git repos.

> Signed-off-by: Kerrick Staley <mail@kerrickstaley.com>
> ---
> doc/pacman.conf.5.txt | 24 ++++++++++++++++++++++++
> 1 files changed, 24 insertions(+), 0 deletions(-)
> diff --git a/doc/pacman.conf.5.txt b/doc/pacman.conf.5.txt
> index a28e00f..349e4f7 100644
> --- a/doc/pacman.conf.5.txt
> +++ b/doc/pacman.conf.5.txt
> @@ -156,6 +156,30 @@ Options
> packages are only cleaned if not installed locally and not present in any
> known sync database.
> +*SigLevel =* ...::
> + If set to `Never` (the default), signatures won't ever be

We're putting all this work into package signing, and we're not going to
enable it by default? Certainly requiring full trust of all packages and
DBs isn't realistic for launch day, but if the sig is available, we
should be checking it by default.

> + checked. Conversely, `Required` will require signatures on all packages
> + and databases. `PackageHash` will require database signatures but accept
> + any package as long as the corresponding database gives a secure hash for
> + it (a good compromise when signing every package is too difficult for a
> + distribution's maintainers).
> + A more advanced setting is `Optional`, which will perform signature checks
> + if signatures are present but will allow unsigned databases/packages; this
> + can be useful when a distribution is making a transition from unsigned
> + repositories to signed ones.
> + For advanced configuration, you can list any of the settings described
> + hereafter, but the options can't be contradictory; `PackageHash` may also
> + be included in the list. `PackageRequired` and `DatabaseRequired` work
> + like `Required`, but only cause checks to be performed on packages and
> + databases, respectively; `Required` is equivalent to `PackageRequired
> + DatabaseRequired` with no other options. `PackageOptional` works
> + similarly to `PackageRequired`, and the two cannot be specified together;
> + `DatabaseOptional` works similarly for databases. `PackageMarginal`
> + causes signatures from marginally trusted keys to be accepted on packages;
> + `DatabaseMarginal` works similarly for databases. `PackageUnknown`
> + causes signatures made with an unknown key to be accepted on packages;
> + `DatabaseMarginal` works similarly for databases.
> +

Surely there's a typo somewhere in here near the end...

> *UseSyslog*::
> Log action messages through syslog(). This will insert log entries into
> +{localstatedir}/log/messages+ or equivalent.
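
Review bot: The final added sentence repeats `DatabaseMarginal` ("`PackageUnknown` causes signatures made with an unknown key to be accepted on packages; `DatabaseMarginal` works similarly for databases"), so the database counterpart of `PackageUnknown` is never documented and `DatabaseMarginal` ends up with two different descriptions; name the intended option there. Two further gaps in the same paragraph: it says the listed options "can't be contradictory" without stating what happens when they are (whether the config is rejected or one setting wins), and "`PackageOptional` works similarly to `PackageRequired`" does not say how the two differ, leaving the reader to infer it from the earlier `Optional` description. Since `PackageUnknown` and `PackageMarginal` widen which signatures are accepted, each would benefit from one sentence on what an accepted signature then does and does not establish.
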
> --
> 1.7.6

I'm going to leave a full grammar review to someone else who can do a more
precise job than I can.

