[pacman-dev] Public Keys
Hello everybody, I've installed pacman-git on a test machine to play with package signing. Since today some packages in [core] and [extra], perhaps others, are signed. I found two keys on public key servers, the third one is still missing. The key in question was used to sign xfdesktop. Is there any official place I can find keys that are used to sign Arch packages? Or did I miss anything else? -- Regards, Chris
On Sat, Aug 20, 2011 at 4:56 PM, Christian Hesse <list@eworm.de> wrote:
Hello everybody,
I've installed pacman-git on a test machine to play with package signing. Since today some packages in [core] and [extra], perhaps others, are signed. I found two keys on public key servers, the third one is still missing. The key in question was used to sign xfdesktop.
Is there any official place I can find keys that are used to sign Arch packages? Or did I miss anything else? -- Regards, Chris
The keys are currently in the profiles: http://www.archlinux.org/developers/ http://www.archlinux.org/trustedusers/ There's probably gonna be another way (I think it's going to be a package) to get them once everything is setup.
On 21/08/11 07:36, Eric Bélanger wrote:
On Sat, Aug 20, 2011 at 4:56 PM, Christian Hesse<list@eworm.de> wrote:
Hello everybody,
I've installed pacman-git on a test machine to play with package signing. Since today some packages in [core] and [extra], perhaps others, are signed. I found two keys on public key servers, the third one is still missing. The key in question was used to sign xfdesktop.
Is there any official place I can find keys that are used to sign Arch packages? Or did I miss anything else? -- Regards, Chris
The keys are currently in the profiles:
http://www.archlinux.org/developers/ http://www.archlinux.org/trustedusers/
There's probably gonna be another way (I think it's going to be a package) to get them once everything is setup.
Note that some packages are currently signed by keys that are not actually publicly posted anywhere so you are screwed trying to verify them... Using "SigLevel = Never" is a workaround, although kind of against the point! Allan
Allan McRae <allan@archlinux.org> on Sun, 21 Aug 2011 08:33:51 +1000:
On 21/08/11 07:36, Eric Bélanger wrote:
On Sat, Aug 20, 2011 at 4:56 PM, Christian Hesse<list@eworm.de> wrote:
I've installed pacman-git on a test machine to play with package signing. Since today some packages in [core] and [extra], perhaps others, are signed. I found two keys on public key servers, the third one is still missing. The key in question was used to sign xfdesktop.
Is there any official place I can find keys that are used to sign Arch packages? Or did I miss anything else?
The keys are currently in the profiles:
http://www.archlinux.org/developers/ http://www.archlinux.org/trustedusers/
There's probably gonna be another way (I think it's going to be a package) to get them once everything is setup.
I read pacman-dev, so I know abount the planned package. On the other hand I was shure there is non till now. Thanks for the links!
Note that some packages are currently signed by keys that are not actually publicly posted anywhere so you are screwed trying to verify them...
Tobias Powalowski is still missing...
Using "SigLevel = Never" is a workaround, although kind of against the point!
I installed via pacman -U from cache directory. Thanks for your information! -- Schoene Gruesse Chris
Am 20.08.2011 23:36, schrieb Eric Bélanger:
On Sat, Aug 20, 2011 at 4:56 PM, Christian Hesse <list@eworm.de> wrote:
Hello everybody,
I've installed pacman-git on a test machine to play with package signing. Since today some packages in [core] and [extra], perhaps others, are signed. I found two keys on public key servers, the third one is still missing. The key in question was used to sign xfdesktop.
Is there any official place I can find keys that are used to sign Arch packages? Or did I miss anything else? -- Regards, Chris
The keys are currently in the profiles:
http://www.archlinux.org/developers/ http://www.archlinux.org/trustedusers/
There's probably gonna be another way (I think it's going to be a package) to get them once everything is setup.
The key listed there is not my package signing key.
participants (4)
-
Allan McRae
-
Christian Hesse
-
Eric Bélanger
-
Thomas Bächler