ssri Posted March 6, 2011 Posted March 6, 2011 (edited) Getting back on topic, it is interesting that the Chakra devs (the ones who built and maintained KDEMod for Arch) think that package signing is important and deserves attention (thread is stickied): http://chakra-project.org/bbs/viewtopic.php?pid=28998. AFAIK they still use pacman as their package manager, which is to be replaced sometime in the future.Granted, it should be acknowledged that over the years there has been some fits and starts with developing package signing on Arch adhering to KISS for its package manager, pacman. The most notable one I recall was in 2008 that never really picked up any head of steam. Still, Arch is a nice distro for testing/seeing what's the latest and greatest and it does many things right. Security, as of this moment sadly, is not one of them. Then again, package signing is not the end all be all, as evidenced by the breach of Red Hat's servers, including the one used for Fedora's package signing. Thankfully, AFAIK, it didn't lead to any malicious packages being distributed. Honestly, Aaron and I care very little about making this distro popular, so we aren't looking to ride the happy train to the Distrowatch #1 spot here. So if you think your threats of leaving the distro help, you're wrong. --Dan McGee https://bugs.archlinux.org/task/5331 Edited March 7, 2011 by ssri Quote
V.T. Eric Layton Posted March 6, 2011 Author Posted March 6, 2011 Welcome to Scot's and to BATL, ssri! Quote
securitybreach Posted March 6, 2011 Posted March 6, 2011 Welcome to the forums ssri and thanks for the info Quote
ssri Posted March 25, 2011 Posted March 25, 2011 Wow, the sh*t hit fan...http://lwn.net/Articles/434990/http://lwn.net/Articles/435251/ Quote
securitybreach Posted March 25, 2011 Posted March 25, 2011 Wow, the sh*t hit fan...http://lwn.net/Articles/434990/http://lwn.net/Articles/435251/ Yeah I just posted a thread here about that last night. Thanks for the info though. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.