On Fri, Jan 14, 2022 at 04:57:00PM -0800, Brett Cornwall via arch-dev-public wrote:
On 2022-01-14 21:12, David Runge via arch-dev-public wrote:
To all that have added a new @archlinux.org UID or have created a new key, please make sure that all signatures you have received from main signing keys are also present in the current keyring (`pacman-key --list-sigs <nick>@archlinux.org`) or in the current HEAD of archlinux-keyring (`./keyringctl inspect <nick>` in a clone of the archlinux-keyring repository). If you have signatures that are not yet in the keyring, you can add them yourself [2] and do not have to wait on a main signing key holder to do it.
Thanks for your work on this initiative.
I see that my key has made it but the trust is only marginal:
[~]$ pacman -Q archlinux-keyring archlinux-keyring 20220114-1 [~]$ pacman-key --list-sigs ainola@archlinux.org gpg: Note: trustdb not writable pub ed25519 2018-10-03 [SC] [expires: 2022-07-18] BE2DBCF2B1E3E588AC325AEAA06B49470F8E620A [snip] uid [marginal] Brett Cornwall <ainola@archlinux.org> sig 3 A06B49470F8E620A 2021-11-18 Brett Cornwall <brett@i--b.com> sig 4DC95B6D7BE9892E 2021-11-20 David Runge (Arch Linux Master Key) <dvzrv@master-key.archlinux.org>
Is this expected behavior?
No it's not :) It seems like you haven't pulled the signature from Florian which is on your issue. But you still need one signature for full trust. This means you still need to sign packages with the brett@i--b.com UID. -- Morten Linderud PGP: 9C02FF419FECBE16