There is no good reason to bloat the keyring by importing tons of signatures we cannot use; drop any signatures that don't validate against another available key (probably the master keys). If any desired signatures get cleaned, the key can be refreshed after importing the new signing public key. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> --- v3: introduce new followup which adds import-clean -- it has been around for some time, and seems generally useful even if not directly applicable to WoT fixes, so let us seize the opportunity to implement it. scripts/pacman-key.sh.in | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 93600bc0..117acc40 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -209,6 +209,7 @@ initialize() { add_gpg_conf_option "$conffile" 'no-permission-warning' add_gpg_conf_option "$conffile" 'lock-never' add_gpg_conf_option "$conffile" 'keyserver-options' 'timeout=10' + add_gpg_conf_option "$conffile" 'keyserver-options' 'import-clean' local gpg_ver=$(gpg --version | awk '{print $3; exit}') if (( $(vercmp "$gpg_ver" 2.2.17) >= 0 )); then -- 2.23.0
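Review bot: the added line puts 'import-clean' under 'keyserver-options', so it only governs keys fetched from a keyserver, while the commit message talks about importing signatures in general. If keys imported from local files should be cleaned as well, the option is also needed under 'import-options', for example `add_gpg_conf_option "$conffile" 'import-options' 'import-clean'`; otherwise the message should say the cleaning is limited to keyserver imports. Two smaller points on the same line: it is the second 'keyserver-options' entry, right after 'timeout=10', so please confirm that add_gpg_conf_option compares the whole line and appends, rather than treating the option as already present; and because the change lives in initialize(), an existing gpg.conf only gains the option when initialization runs again, which deserves a sentence in the commit message or the man page.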