[arch-general] AUR and missing/unidentifiable GPG keys
Bennett Piater
bennett at piater.name
Fri Dec 8 11:17:59 UTC 2017
> I know this can be circumvented by editing the pkgbuild file and
> removing the verification option, but that feels wrong. Is there a
> systematic way to update the relevant keys?
You are supposed to manually download the keys, ideally from a trusted
source.
Another option would be to configure gpg to automatically download
missing keys from a key server.
Cheers,
Bennett
--
GPG fingerprint: 871F 1047 7DB3 DDED 5FC4 47B2 26C7 E577 EF96 7808
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20171208/9ff2565e/attachment.asc>
More information about the arch-general
mailing list