On 10/02/15 08:15 AM, Mike Cloaked wrote:
On Tue, Feb 10, 2015 at 12:59 PM, Dennis Lange <dennis@lumalab.net> wrote:
Hi Manuel,
thanks for posting this thread. I also wondered about the key from eworm. Sure he is a trusted user but accepting keys made me a little bit nervous. Is there a way to verify my pacman keys?
Dennis
I guess you can verify fingerprints from the list at
No, you don't have to anything like that. There is never a need to manually verify the keys of developers and trusted users because they are part of the web of trust model. There are 5 trusted master keys and they are part of the installation from the get go. A key is trusted if it is signed by at least 3 master keys - you only ever need to mark keys for third party repositories as trusted.