LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

McGee: The real story behind Arch Linux package signing

McGee: The real story behind Arch Linux package signing

Posted Mar 26, 2011 11:29 UTC (Sat) by ovitters (subscriber, #27950)
In reply to: McGee: The real story behind Arch Linux package signing by tzafrir
Parent article: McGee: The real story behind Arch Linux package signing

In addition, GNOME and various other software do not sign their tarballs. The trust is already limited. You'll know it is packaged, but not if it comes from the developers (meaning: breakin at a mirror).

(Log in to post comments)

McGee: The real story behind Arch Linux package signing

Posted Mar 26, 2011 13:17 UTC (Sat) by sahko (guest, #54088) [Link]

This is so much bigger than Arch.
It affects every distribution shipping GNOME.
Thats every one, besides Slackware. Will we see a LWN article about it?

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds