[pacman-dev] Do you want Heads Ups about the Signing System
Hi I'm new to arch but I've got automatic sig checks by pacman running fine so far on stable with just pacman4 from testing set to Optional (for the databases) TrustedOnly. I just had to tsign Ionuts master key with mine manually and also Allan Mcraes which seems to be unsigned by the Arch Linux Master keys oh and now also Ronald van Harens. I haven't tried many packages but when tryinh abs which is unsigned it went fine but the signed rsync threw angel velasquez angvp@archlinux.org is unknown trust. It appears to be signed by Pierre's Master key which I have lsigned with no luck. Not sure if you find these reports useful or just annoying until launch so let me know for any others I find. Looks like a good highly adaptable system :-)
Am 30.11.2011 20:14, schrieb Kevin Chadwick:
Hi
I'm new to arch but I've got automatic sig checks by pacman running fine so far on stable with just pacman4 from testing set to Optional (for the databases) TrustedOnly.
I just had to tsign Ionuts master key with mine manually and also Allan Mcraes which seems to be unsigned by the Arch Linux Master keys oh and now also Ronald van Harens.
This is not how it is supposed to work. It is meant to work like this: 1) Import all 5 master keys (in principle, you only need 3, but there is some redundancy here). 2) For each master key, run pacman-key --lsign-key $FINGERPRINT 3) For each muster key, run pacman-key --edit-key $FINGERPRINT and set the ownertrust ('trust' command) to 'marginal'. Every key that is signed by at least 3 master keys will now be accepted.
participants (2)
-
Kevin Chadwick
-
Thomas Bächler