[arch-general] pacman system update - Why am I prompted to import a specific key?
NTS
nts at gyatso.de
Sat Jun 13 18:21:53 UTC 2020
Hello David,
The way I understand it the key was not "in the wild" but on his laptop. So
no bug in sight, large or small.
Not that it is very relevant here but just to make sure no-one gets a wrong
impression of our dev.
Best wishes,
NTS
On 13 Jun 2020 6:46 p.m., "David C. Rankin" <drankinatty at suddenlinkmail.com>
wrote:
On 06/12/2020 09:24 PM, mpan wrote:
>> On update today (yesterday's updates went fine), I am prompted to
approve
>> import of the following key a number of times: […]
>> :: Import PGP key 3B94A80E50A477C7, "Jan Alexander Steffens (heftig) […]
> Oh, “the heftig bug” ;). While Simon Wilper has provided the solution,
> here is some background:
>
> “[…] I replaced it to get a clean break for a new key, which I'm
> treating more securely from the beginning (no secret keys on the
> laptop, just subkeys on a yubikey and the master key on a few
> backups)” —heftig
>
> -Syu often to avoid problems.
>
Oh.... So there was a private key that escaped into the wild...
That would be a big bug... Thank you for the background. I generally -Syu
daily (at most every few days) -- which is why this event immediately jumped
out as not normal. I hope he got the laptop back :p
--
David C. Rankin, J.D.,P.E.
More information about the arch-general
mailing list