Introducing package signing to Arch Linux


This blog post is older than 4 years and its content may be out of date.

Today, Pacman 4 was released to [core] and introduced a new core feature - package signing. Now Arch Linux has a feature that was often a point of criticism towards Arch Linux in comparison to other distributions with Debian at their head. If someone would be so evil to spoof the [core], [community] or [extra] repositories, malicious code could be installed onto your system.

For now, the key signing remains deactivated in pacman.conf, but you can activate it by un-commenting the suiting lines in /etc/pacman.conf. Allan has a good series on Pacman key signing: Pacman package signing

I’m excited to see this new feature and hope it will be usable ;) Good night to you, fellas!