Introducing package signing to Arch Linux
Today, Pacman 4 was released to [core]
and introduced a new core feature - package signing.
Now Arch Linux has a feature that was often a point of criticism towards Arch Linux in comparison to other distributions with Debian at their head.
If someone would be so evil to spoof the [core]
, [community]
or [extra]
repositories, malicious code could be installed onto your system.
For now, the key signing remains deactivated in pacman.conf, but you can activate it by un-commenting the suiting lines in /etc/pacman.conf. Allan has a good series on Pacman key signing: Pacman package signing
I’m excited to see this new feature and hope it will be usable ;) Good night to you, fellas!