[arch-general] Corrupt Package (confirmed 2 servers) dovecot, jansson, python2-pillow

[David C. Rankin]

On 02/11/2018 07:09 AM, Doug Newgard via arch-general wrote:
>> I refreshed the keylist with pacman-key no help, I finally just tagged
>> TrustAll at the end of the line in packman.conf and it worked fine. There are
>> screwed up signatures there.
>>
> The issue is in your local keyring. Check all of the Arch Master Keys, make
> sure they're all signed by your local master key.

  Can someone please explain why this key trust issue happened? In the past 7
years, running 10+ Arch boxes I have never had to adjust the trust on any key
within the arch-keyring. Why all of a sudden, and why on only one box, did I
have to --lsign-key for the eschwartz93 key? That is why this seemed so bizarre.

  I have 5 other arch boxes running and updated and none of them experienced
this problem. Only my spare laptop that I had not run/updated since last month
showed this behavior.

  For all other boxes this had been seamless (and that is a good thing). Is
this some known random behavior that if you don't update between time A and
time B, then you are likely to have to manually set the trust on any new keys
added to the web-of-trust between points A & B?

  I'm just trying to figure out what happened and what to expect in the future.

-- 
David C. Rankin, J.D.,P.E.