[arch-general] pacman system update - Why am I prompted to import a specific key?

David C. Rankin drankinatty at suddenlinkmail.com
Sat Jun 13 16:46:25 UTC 2020

On 06/12/2020 09:24 PM, mpan wrote:
>>   On update today (yesterday's updates went fine), I am prompted to approve
>> import of the following key a number of times: […]
>> :: Import PGP key 3B94A80E50A477C7, "Jan Alexander Steffens (heftig) […]
>   Oh, “the heftig bug” ;). While Simon Wilper has provided the solution,
> here is some background:
>  “[…] I replaced it to get a clean break for a new key, which I'm
>   treating more securely from the beginning (no secret keys on the
>   laptop, just subkeys on a yubikey and the master key on a few
>   backups)”  —heftig
> -Syu often to avoid problems.

Oh.... So there was a private key that escaped into the wild...

That would be a big bug... Thank you for the background. I generally -Syu
daily (at most every few days) -- which is why this event immediately jumped
out as not normal. I hope he got the laptop back :p

David C. Rankin, J.D.,P.E.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20200613/6bd83a5e/attachment.sig>

More information about the arch-general mailing list