On Sun, 13 Jun 2010 19:48:53 +1000
Allan McRae <al...@archlinux.org> wrote:

> >>
> >
> > This is the reason why we need package signing for Pacman.  I'm
> > aware that some progress has been made and it's being worked on.
> > Are there any updates?
> >
> 
> Yes...  because package signing magically fixes all upstream issues.
> 
> Allan

My point was that malicious attackers can add compromise packages to
mirrors and alter the repo.db.  Package signing would mitigate that.  I
was attempting to say that what happened in this instance could happen
to an Arch mirror or mirrors.  There's no need to be rude.

Ananda

Reply via email to