On Sun, 13 Jun 2010 19:48:53 +1000 Allan McRae <al...@archlinux.org> wrote:
> >> > > > > This is the reason why we need package signing for Pacman. I'm > > aware that some progress has been made and it's being worked on. > > Are there any updates? > > > > Yes... because package signing magically fixes all upstream issues. > > Allan My point was that malicious attackers can add compromise packages to mirrors and alter the repo.db. Package signing would mitigate that. I was attempting to say that what happened in this instance could happen to an Arch mirror or mirrors. There's no need to be rude. Ananda
