[arch-dev-public] Updates to archlinux-keyring and signatures for packager keys
David Runge
dave at sleepmap.de
Sat Jan 15 10:32:38 UTC 2022
On 2022-01-14 16:57:00 (-0800), Brett Cornwall via arch-dev-public wrote:
> On 2022-01-14 21:12, David Runge via arch-dev-public wrote:
> > To all that have added a new @archlinux.org UID or have created a new
> > key, please make sure that all signatures you have received from main
> > signing keys are also present in the current keyring (`pacman-key
> > --list-sigs <nick>@archlinux.org`) or in the current HEAD of
> > archlinux-keyring (`./keyringctl inspect <nick>` in a clone of the
> > archlinux-keyring repository). If you have signatures that are not yet
> > in the keyring, you can add them yourself [2] and do not have to wait on
> > a main signing key holder to do it.
>
> Thanks for your work on this initiative.
>
> I see that my key has made it but the trust is only marginal:
>
>
> [~]$ pacman -Q archlinux-keyring
> archlinux-keyring 20220114-1
> [~]$ pacman-key --list-sigs ainola at archlinux.org
> gpg: Note: trustdb not writable
> pub ed25519 2018-10-03 [SC] [expires: 2022-07-18]
> BE2DBCF2B1E3E588AC325AEAA06B49470F8E620A
> [snip]
> uid [marginal] Brett Cornwall <ainola at archlinux.org>
> sig 3 A06B49470F8E620A 2021-11-18 Brett Cornwall <brett at i--b.com>
> sig 4DC95B6D7BE9892E 2021-11-20 David Runge (Arch Linux Master Key) <dvzrv at master-key.archlinux.org>
Your @archlinux.org UID currently has marginal trust, as it is only
signed by one main signing key (needs three signatures for full trust).
Your other UID still has full trust though, which means that your key in
general is still fully trusted!
However, we would like to have signatures on the @archlinux.org UID only
in the future of course :)
If you have received more signatures for your @archlinux.org UID by now,
you can add those via a merge request (see previous email).
Best,
David
--
https://sleepmap.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-dev-public/attachments/20220115/96e4482e/attachment.sig>
More information about the arch-dev-public
mailing list