[arch-general] Pacman makepkg and signatures

Steve Holmes steve.holmes88 at gmail.com
Tue Oct 25 13:19:47 EDT 2011

On 10/25/11, Denis A. Altoé Falqueto <denisfalqueto at gmail.com> wrote:
> I didn't understand what you mean by "correct the errors" and
> "signature verification stuff doesn't work". Would you mind to
> elaborate on that?

I meant that when I did the first updates this morning, I got an eror
on every package because the key for each package (signature) wasn't
valid.  I figured that meant it couldn't be verified or something.
Yes, I know little about overall pgp and web of trust so have a lot to
learn there.  At this point, I'm more enclined to "trust" the
signatures or keys from the 12 Arch devs than anyone else right now.
I really don't know of anyone with a pgp key I could assume as a
trusted party.  If I'm using wrong terms here or acting ignorant, it
is probably because I am:).  So for now I'm using trustall but wonder
if that is generally a good idea since someone else could come along
with a netharious package and blow the whole thing.

More information about the arch-general mailing list