Slashdot Mirror

← Back to Stories (view on slashdot.org)

Package Signing Comes To Pacman and Arch Linux

Posted by timothy on from the ok-but-who-are-you-really dept.

fwarren writes "One of the main complaints heard around here on why some Slashdotters don't run Arch Linux is that the packages are not signed. Fear no more: Arch Linux and Pacman now allow for package signing."

12 of 103 comments (clear)

  1. Re:Now how about getting Linux users basic hygine by RyuuzakiTetsuya · · Score: 3, Funny

    Which is surprising because SOAP is a patent free industry standard.

    --
    Non impediti ratione cogitationus.
  2. Arch Linux: what's the differentiating factor? by Anonymous Coward · · Score: 4, Interesting

    What does Arch bring to the table?

    Debian has a minimal install option, is committed to freedom, has an awesome package manager, has tons of packages available, and has multiple release tracks that allow one to stay cutting edge should one wish.

    RedHat is commercially supported.

    CentOS is the free version of RedHat.

    SLES is commercially supported, with a deal with Microsoft to interoperate.

    Ubuntu is Debian made easier.

    Gentoo is for people who like to recompile software for their hardware.

    I get all of the above distros. I don't run them all myself -- especially not gentoo -- but I understand why some people do.

    What's the point of Arch? I poked at the website and wikipedia pages, but don't see an explanation of what it gives you over, say, a base Debian install.

    Note: this is not intended as a troll. I'm curious as to what Arch brought to the table. Why was it introduced? I'm sure there's an answer, just curious what.

    1. Re:Arch Linux: what's the differentiating factor? by some_guy_88 · · Score: 4, Informative

      My favourite Arch feature is the AUR (Arch User Repository) where anyone can submit their own packages which other uses can then install.

      Because of the AUR, Arch is more likely to have a package for some given obscure application that Debian would be missing. Also, these packages are kept up to date to a greater extent than you'll see on Debian. Finally they're all in one place where as you don't have to constantly add repositories to your package manager's repo list.

    2. Re:Arch Linux: what's the differentiating factor? by dejanc · · Score: 3, Interesting

      What does Arch bring to the table?

      1. It's a rolling release distribution, which many people like.
      2. Package manager is very easy to use
      3. Making new packages and modifying existing ones is extremely easy. Not only is the syntax of package definition very simple, but all package sources are easily available with the ABS (Arch Build System, something like ports).
      4. The previous point is the reason that AUR (centralized repository of user-submitted packages) is very popular and generally of acceptable quality.
    3. Re:Arch Linux: what's the differentiating factor? by gajop · · Score: 3, Insightful

      Read: https://wiki.archlinux.org/index.php/Arch_Compared_to_Other_Distributions
      I don't think you have a clue tbh. I've tried most well known Linuxes (all that you mentioned and a few others), and I can tell you that there are two major differences that distros have, as far as users are concerned: 1) GUI/CLI based (which is also complex/minimalistic), 2) Regular/rolling release based.

      1) Ubuntu, Fedora, OpenSUSE and so on are GUI based systems, coming with fully installed DEs and offering people little choice on the initial install. Sure you can remove stuff and install simple WMs, but that just makes it harder to configure than Arch/Gentoo and even Slackware, who are made for ground-up installation. The reason I use Arch regularly is because I can configure it to do pretty much exactly what I want.

      2) Ubuntu, Fedora, Debian, OpenSUSE, Slackware, and a whole lot of others are using the regular (once, twice a year) release cycle. It's fine if you're using it in the office/classroom/servers, or you just don't use computers much. But often, software updates come a lot more regularly than that (Windows _software_ is rolling release!, the OS itself isn't of course), and it's always good to in the bleeding edge - unless it's you who's bleeding, and that's a potential problem (much like this update required some meddling before it would just work). And even if you do get problems every once in a while when you do rolling release updates, the huge amount of problems whenever I do a full update every 6 month on Ubuntu makes me want to do a clean install (I'm using an uptodate Arch from 2008~, did some experimenting with other linuxes). In the rolling release field it's quite similar to Gentoo (that's another power of Gentoo, it isn't just people compiling stuff for the laughs).

    4. Re:Arch Linux: what's the differentiating factor? by Hatta · · Score: 4, Informative

      Great documentation and vanilla packages. That about sums it up. It's like Slackware with improved package management.

      I've been running systems built from Debian base for about a decade. Recently I kept running into the Arch wiki when I wanted to solve a problem. e.g. if I want to reenable ctrl-alt-backspace in Xorg. If I google that, I get a page full of shitty Ubuntu related solutions that depend on extra packages or gui configuration tools.

      But there's one result that sticks out. The Arch wiki provides a nicely organized richly linked list of things you might want to configure, and how to configure them. This is how you collect and present useful information. I figured, if I find myself consistantly using the documentation for a distro, maybe I should check out the actual distro.

      So I still use Debian on most of my systems, but have thrown Arch on a couple for fun. It's easy, it works, and it doesn't feel as crufty as Debian does. Package signing will make it a contender for real work. Yay Arch!

      --
      Give me Classic Slashdot or give me death!
    5. Re:Arch Linux: what's the differentiating factor? by substance2003 · · Score: 5, Insightful

      I think the only thing you missed was that it's a rolling release OS meaning that unlike other distros. You never need to reinstall it unless you mess up.
      That to me has been the most important feature for me as I found it would get old to have to reinstall Fedora every 6 to 12 months to get access to the latest bleeding edge software.

      As one reviewer said, this OS is always fresh.

  3. Comment removed by account_deleted · · Score: 5, Informative

    Comment removed based on user account deletion

  4. Re:FRIST by K.+S.+Kyosuke · · Score: 4, Funny

    Warning. The parent post in unsigned and may have been forged.

    --
    Ezekiel 23:20
  5. Comment removed by account_deleted · · Score: 3, Informative

    Comment removed based on user account deletion

  6. Whew.... by liquidweaver · · Score: 4, Funny

    I've been using Arch for years, and the constant flow of virii and rootkits that were deluging me might finally go away!
    With all the recent news of linux package repositories being the main vector of all these advanced persistent threats my CPO (Chief Pentest Officer) has been telling me about, I can now breath a sigh of relief.

    --
    mov ah, 4ch
    int 21h
  7. I just live on the edge by mshenrick · · Score: 5, Funny

    I feel like such a fearless badman for running arch linux before the packages were signed