diff options
author | Dan McGee <dan@archlinux.org> | 2011-09-21 23:19:12 +0200 |
---|---|---|
committer | Dan McGee <dan@archlinux.org> | 2011-09-22 18:15:39 +0200 |
commit | 7d961c849bf4dab481e261bdb91304f6a4744d8c (patch) | |
tree | 9ca528ab4bee432ca0aedf8289fe7cc3f4f4f973 /scripts/pacman-optimize.sh.in | |
parent | 6767de5380d97f6544ca3968b83b74120dfcbeca (diff) | |
download | pacman-7d961c849bf4dab481e261bdb91304f6a4744d8c.tar.gz pacman-7d961c849bf4dab481e261bdb91304f6a4744d8c.tar.xz |
pacman-key: disable, don't remove, revoked keys
Unlike our protégé apt-key, removing a key from our keyring is not
sufficient to prevent it from being trusted or used for verification. We
are better off flagging it as disabled and leaving it in the keyring so
it cannot be reimported or fetched at a later date from a keyserver and
continue to be used.
Implement the logic to disable the key instead of delete it, figuring
out --command-fd in the process.
Note that the surefire way to disable a key involves including said key
in the keyring package, such that it is both in foobar.gpg and
foobar-revoked.
Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'scripts/pacman-optimize.sh.in')
0 files changed, 0 insertions, 0 deletions