Hi everybody, since version 5.2 pacman supports downloading the package signing keys from our newly implemented Web Key Directory (WKD) [1]. Since the key server network that we are currently relying on for this purpose is not in a very healthy state any more [2], it seems like a good time to store all PGP keys in our WKD to be independent of the key servers. This will require an update of some the existing keys: keys in the WKD are looked up by email address, so you need to have an user ID with an @archlinux.org email address on your PGP key to make use of our existing WKD (or set up a WKD on your own server in case you are using a custom domain for your email address). I you don't have an @archlinux.org email address yet, you can talk to the Devops team e.g. using the #archlinux-devops IRC channel to get on set up. To see if your key is already in our WKD, please visit [3]. If all three columns are green, you are all set, otherwise you need to take one of the following actions: - If the "Has @archlinux.org UID" column is "No", you need to add an additional UID to your PGP key: $ gpg --edit-key YOURKEY adduid save $ gpg --send-keys YOURKEY - If the "Uses @archlinux.org email for packaging" column is "No", you need to set the PACKAGER variable in your makepkg.conf to use your (newly created) @archlinux.org UID. Please double-check the configuration of all the machines you use to build packages since the packager email address is used for the key lookup in pacman. - If the "@archlinux.org UID is fully trusted" column is "No", your key already has the required format, but the UID needs to be signed by at least three master key holders. You do not need to do anything right now (apart from maybe changing the PACKAGER variable as described in the previous bullet point). In order to make it easier for the master key holders to sign all the new UIDs, it would be great if everybody could add the new UID to their key within the next two months. I will then collect all the new and currently untrusted UIDs and submit them to the key holders for batch signing. If there are any questions on adding the new UID or adjusting the packager variable, please do not hesitate to contact me. Cheers, Jonas [1] https://bugs.archlinux.org/task/63171 [2] https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f [3] https://wiki.archlinux.org/index.php/User:Diabonas/WKD_support_by_developer_...