On Tue, 2011-03-01 at 12:50 +0530, Keerthan jai.c wrote:
> Why can't we do this?
>
> 1) Keep hashes of {core,extra,community,multilib}.db in plaintext in
> keys.archlinux.org or something
> 2) while syncing pacman compares the hashes of the downloaded dbs from the
> main server ensuring that the packages are not tampered!
>
I suggest you first look at all the prior discussion on the topic. Its
not as simple as that.- [arch-general] Doubt about signed packages. Keerthan jai.c
- Re: [arch-general] Doubt about signed packages. Ng Oon-Ee
