[arch-dev-public] Updates to archlinux-keyring and signatures for packager keys
Brett Cornwall
ainola at archlinux.org
Sat Jan 15 00:57:00 UTC 2022
On 2022-01-14 21:12, David Runge via arch-dev-public wrote:
>To all that have added a new @archlinux.org UID or have created a new
>key, please make sure that all signatures you have received from main
>signing keys are also present in the current keyring (`pacman-key
>--list-sigs <nick>@archlinux.org`) or in the current HEAD of
>archlinux-keyring (`./keyringctl inspect <nick>` in a clone of the
>archlinux-keyring repository). If you have signatures that are not yet
>in the keyring, you can add them yourself [2] and do not have to wait on
>a main signing key holder to do it.
Thanks for your work on this initiative.
I see that my key has made it but the trust is only marginal:
[~]$ pacman -Q archlinux-keyring
archlinux-keyring 20220114-1
[~]$ pacman-key --list-sigs ainola at archlinux.org
gpg: Note: trustdb not writable
pub ed25519 2018-10-03 [SC] [expires: 2022-07-18]
BE2DBCF2B1E3E588AC325AEAA06B49470F8E620A
[snip]
uid [marginal] Brett Cornwall <ainola at archlinux.org>
sig 3 A06B49470F8E620A 2021-11-18 Brett Cornwall <brett at i--b.com>
sig 4DC95B6D7BE9892E 2021-11-20 David Runge (Arch Linux Master Key) <dvzrv at master-key.archlinux.org>
Is this expected behavior?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-dev-public/attachments/20220114/28b85436/attachment.sig>
More information about the arch-dev-public
mailing list