[arch-general] Package signing for the umpteenth time (was Re: unrealircd 3.2.8.1-2 contains backdoor)
Allan McRae
allan at archlinux.org
Sun Jun 13 05:48:53 EDT 2010
On 13/06/10 19:38, Ananda Samaddar wrote:
> On Sun, 13 Jun 2010 09:58:38 +0200
> Thomas Bächler<thomas at archlinux.org> wrote:
>
>> Am 13.06.2010 02:33, schrieb Alexander Duscheleit:
>>> OTOH the original mail was meant more to alert *users* of
>>> unrealircd, the maintainer should actually already have been
>>> noticed via the bug.
>>
>> In that case, it seems you chose your list wisely.
>>
>>> On a side-note, Sergej already has published a new pkgrel this
>>> afternoon (2010-06-12 16:40:54 UTC). So the bug is/was already
>>> obsolete before I wrote it.
>>
>> Good, didn't notice that. I was quite shocked when I read about the
>> issue.
>>
>
> This is the reason why we need package signing for Pacman. I'm aware
> that some progress has been made and it's being worked on. Are there
> any updates?
>
Yes... because package signing magically fixes all upstream issues.
Allan
More information about the arch-general
mailing list