Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/doc/pacman-key.8.txt
diff options
context:
space:
mode:
authorPierre Schmitz <pierre@archlinux.de>2012-03-04 13:25:56 +0100
committerDan McGee <dan@archlinux.org>2012-03-05 11:57:30 -0600
commit1fe6cabc4d3868510427e32b60c9aa869886acab (patch)
treea3351e4cc97733951588aab1c3e2c963cfc4f028 /doc/pacman-key.8.txt
parent4ffa0401d22347332d663f1d400e182d5a181ea2 (diff)
pacman-key: Remove useless signature verification in --populate command
Verifing the keyring at this point is useless as a malicious package is already installed and as such has several options to bypass this check anyway. Signed-off-by: Pierre Schmitz <pierre@archlinux.de> Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'doc/pacman-key.8.txt')
-rw-r--r--doc/pacman-key.8.txt5
1 files changed, 0 insertions, 5 deletions
diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
index 1582a3ca..3631ec8c 100644
--- a/doc/pacman-key.8.txt
+++ b/doc/pacman-key.8.txt
@@ -129,11 +129,6 @@ any signing", so should be used with prudence. A key being marked as revoked
will be disabled in the keyring and no longer treated as valid, so this always
takes priority over it's trusted state in any other keyring.
-All files are required to be signed (detached) by a trusted PGP key that the
-user must manually import to the pacman keyring. This prevents a potentially
-malicious repository adding keys to the pacman keyring without the users
-knowledge.
-
See Also
--------