From 1fe6cabc4d3868510427e32b60c9aa869886acab Mon Sep 17 00:00:00 2001
From: Pierre Schmitz <pierre@archlinux.de>
Date: Sun, 4 Mar 2012 13:25:56 +0100
Subject: pacman-key: Remove useless signature verification in --populate
 command

Verifing the keyring at this point is useless as a malicious package is already
installed and as such has several options to bypass this check anyway.

Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
---
 doc/pacman-key.8.txt | 5 -----
 1 file changed, 5 deletions(-)

(limited to 'doc')

diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
index 1582a3ca..3631ec8c 100644
--- a/doc/pacman-key.8.txt
+++ b/doc/pacman-key.8.txt
@@ -129,11 +129,6 @@ any signing", so should be used with prudence. A key being marked as revoked
 will be disabled in the keyring and no longer treated as valid, so this always
 takes priority over it's trusted state in any other keyring.
 
-All files are required to be signed (detached) by a trusted PGP key that the
-user must manually import to the pacman keyring. This prevents a potentially
-malicious repository adding keys to the pacman keyring without the users
-knowledge.
-
 
 See Also
 --------
-- 
cgit v1.2.3