repo-add: implicitly sign when verifying (!172) · Merge requests · Pacman / Pacman

Christian Hesse requested to merge eworm/pacman:verify-sign into master Apr 23, 2024

Currently it is possible to verify a database signature, without signing the database. This causes the database to be altered, but the (then invalid) signature to be preserved.

Fix this by implicitly signing when verifying.

Signed-off-by: Christian Hesse mail@eworm.de

Admin message

repo-add: implicitly sign when verifying

Merge request reports