[arch-general] pacman security when importing new keys?
Daniel Micay
danielmicay at gmail.com
Tue Feb 10 13:32:05 UTC 2015
On 10/02/15 07:59 AM, Dennis Lange wrote:
> Hi Manuel,
>
> thanks for posting this thread. I also wondered about the key from
> eworm. Sure he is a trusted user but accepting keys made me a little bit
> nervous. Is there a way to verify my pacman keys?
>
> Dennis
It already verifies the keys by default... you have to go out of your
way to manually mark a key as trusted. Importing a key != marking a key
as trusted. It is only trusted if 3+ of the five master keys signed it
or if you explicitly mark it with pacman-key.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20150210/762a53d8/attachment.asc>
More information about the arch-general
mailing list