[arch-general] pacman security when importing new keys?
Dennis Lange
dennis at lumalab.net
Tue Feb 10 12:59:35 UTC 2015
Hi Manuel,
thanks for posting this thread. I also wondered about the key from
eworm. Sure he is a trusted user but accepting keys made me a little bit
nervous. Is there a way to verify my pacman keys?
Dennis
Am 09.02.2015 um 22:00 schrieb Manuel Reimer:
> Hello,
>
> today, pacman asked me to import a new signature key. So far this was
> done "automatically" using a keys-package, which, itself, was signed
> with a trusted key.
>
> How is the new mechanism secured? Is the new way, to bring keys to
> users, prone to MITM attacks?
>
> Thanks in advance.
>
> Manuel
>
More information about the arch-general
mailing list