[arch-general] Pacman makepkg and signatures
Steve Holmes
steve.holmes88 at gmail.com
Tue Oct 25 13:19:47 EDT 2011
On 10/25/11, Denis A. Altoé Falqueto <denisfalqueto at gmail.com> wrote:
>
> I didn't understand what you mean by "correct the errors" and
> "signature verification stuff doesn't work". Would you mind to
> elaborate on that?
I meant that when I did the first updates this morning, I got an eror
on every package because the key for each package (signature) wasn't
valid. I figured that meant it couldn't be verified or something.
Yes, I know little about overall pgp and web of trust so have a lot to
learn there. At this point, I'm more enclined to "trust" the
signatures or keys from the 12 Arch devs than anyone else right now.
I really don't know of anyone with a pgp key I could assume as a
trusted party. If I'm using wrong terms here or acting ignorant, it
is probably because I am:). So for now I'm using trustall but wonder
if that is generally a good idea since someone else could come along
with a netharious package and blow the whole thing.
More information about the arch-general
mailing list