[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Helping Arch Linux with package signing

I'm sure everyone has read the following from LWN [1]. I was just thinking
that Debian has had package signing for a while, and the top users of the
PGP Strong Set [2] (maybe even most of it) are Debian developers. Seeing as
though Debian has such a strong history with OpenPGP and package signing, I
was wondering if we could help them along.

1: https://lwn.net/SubscriberLink/434990/4c611307c60a7ae1/
2: http://pgp.cs.uu.nl/plot/

Dan McGee, the lead Arch Linux developer, has stated [3] that he is willing
to accept patches getting OpenPGP implemented into Pacman and the rest of

So, given the history of package signing with Debian, I'm wondering if
there is anything we can do as a project to help another project out. Be it
documentation, how-tos, patches, whatever. It appears to be open for
discussion [4], and even though I'm a hardcore Debian user through and
through, it would be great to see another GNU/Linux operating system step
up in the security ranks.

3: https://lwn.net/Articles/435251/
4: https://bugs.archlinux.org/task/5331

If I'm way out of line, then let me know.


P.S.: I would have posted this to -devel, but I didn't know if it would be
appropriate or not, and I figured many developers might be on this list
anyway, and if necessary, could cross-post it.

. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o

Attachment: signature.asc
Description: Digital signature

Reply to: