Re: [arch-general] Doubt about signed packages.

On Tue, 2011-03-01 at 12:50 +0530, Keerthan jai.c wrote: > Why can't we do this? > > 1) Keep hashes of {core,extra,community,multilib}.db in plaintext in > keys.archlinux.org or something > 2) while syncing pacman compares the hashes of the downloaded dbs from the > main server ensuring that the p

[arch-general] Doubt about signed packages.

Why can't we do this? 1) Keep hashes of {core,extra,community,multilib}.db in plaintext in keys.archlinux.org or something 2) while syncing pacman compares the hashes of the downloaded dbs from the main server ensuring that the packages are not tampered! -- have a nice day -jck