Jump to content

Not-So-Good Press for Arch

V.T. Eric Layton

Recommended Posts

Getting back on topic, it is interesting that the Chakra devs (the ones who built and maintained KDEMod for Arch) think that package signing is important and deserves attention (thread is stickied): http://chakra-project.org/bbs/viewtopic.php?pid=28998. AFAIK they still use pacman as their package manager, which is to be replaced sometime in the future.Granted, it should be acknowledged that over the years there has been some fits and starts with developing package signing on Arch adhering to KISS for its package manager, pacman. The most notable one I recall was in 2008 that never really picked up any head of steam. Still, Arch is a nice distro for testing/seeing what's the latest and greatest and it does many things right. Security, as of this moment sadly, is not one of them. Then again, package signing is not the end all be all, as evidenced by the breach of Red Hat's servers, including the one used for Fedora's package signing. Thankfully, AFAIK, it didn't lead to any malicious packages being distributed.

Honestly, Aaron and I care very little about making this distro popular, so we aren't looking to ride the happy train to the Distrowatch #1 spot here. So if you think your threats of leaving the distro help, you're wrong. --Dan McGee
https://bugs.archlinux.org/task/5331 Edited by ssri
Link to comment
Share on other sites

  • Replies 64
  • Created
  • Last Reply

Top Posters In This Topic

  • securitybreach


  • V.T. Eric Layton


  • amenditman


  • abarbarian


  • 3 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...