[arch-general] Pacman makepkg and signatures

Denis A. Altoé Falqueto denisfalqueto at gmail.com
Tue Oct 25 10:10:50 EDT 2011


On Tue, Oct 25, 2011 at 11:15 AM, Steve Holmes <steve.holmes88 at gmail.com> wrote:
> On Tue, Oct 25, 2011 at 03:00:50PM +0200, fredbezies wrote:
>> In /etc/pacman.conf, uncomment :
>>
>> SigLevel = Optional TrustAll
>
> Yeah, I saw that and understand that is appropriate for local
> packages.  But now that I uncomment it, what if I want to tighten up
> the sig tests in the future.  How does one correct the errors.  In
> this current situation, it appears that this signature verification
> stuff doesn't work.  What am I missing?
>
> At least at the moment, I can go ahead and upgrade these 126
> packages:).

If you want to tighten up, you should use TrustedOnly, instead of
TrusAll. That would only consider as valid a signature whose key is
present in pacman's keyring and also either signed explicitly by you
or trusted by a key from someone you already trusts. The latter is
what OpenPGP calls Web of Trust (you can read about it on the web,
it's a very interesting subject)

I didn't understand what you mean by "correct the errors" and
"signature verification stuff doesn't work". Would you mind to
elaborate on that?

-- 
A: Because it obfuscates the reading.
Q: Why is top posting so bad?

-------------------------------------------
Denis A. Altoe Falqueto
Linux user #524555
-------------------------------------------


More information about the arch-general mailing list