On 2022-01-14 16:57:00 (-0800), Brett Cornwall via arch-dev-public wrote:
On 2022-01-14 21:12, David Runge via arch-dev-public wrote:
To all that have added a new @archlinux.org UID or have created a new key, please make sure that all signatures you have received from main signing keys are also present in the current keyring (`pacman-key --list-sigs <nick>@archlinux.org`) or in the current HEAD of archlinux-keyring (`./keyringctl inspect <nick>` in a clone of the archlinux-keyring repository). If you have signatures that are not yet in the keyring, you can add them yourself [2] and do not have to wait on a main signing key holder to do it.
Thanks for your work on this initiative.
I see that my key has made it but the trust is only marginal:
[~]$ pacman -Q archlinux-keyring archlinux-keyring 20220114-1 [~]$ pacman-key --list-sigs ainola@archlinux.org gpg: Note: trustdb not writable pub ed25519 2018-10-03 [SC] [expires: 2022-07-18] BE2DBCF2B1E3E588AC325AEAA06B49470F8E620A [snip] uid [marginal] Brett Cornwall <ainola@archlinux.org> sig 3 A06B49470F8E620A 2021-11-18 Brett Cornwall <brett@i--b.com> sig 4DC95B6D7BE9892E 2021-11-20 David Runge (Arch Linux Master Key) <dvzrv@master-key.archlinux.org>
Your @archlinux.org UID currently has marginal trust, as it is only signed by one main signing key (needs three signatures for full trust). Your other UID still has full trust though, which means that your key in general is still fully trusted! However, we would like to have signatures on the @archlinux.org UID only in the future of course :) If you have received more signatures for your @archlinux.org UID by now, you can add those via a merge request (see previous email). Best, David -- https://sleepmap.de