[aur-general] validpgpkeys

Ralf Mardorf ralf.mardorf at alice-dsl.net
Sun Dec 11 19:46:56 UTC 2016


you likely noticed the discussion about "Stronger Hashes for PKGBUILDs"
on Arch general. I wonder if there is any reason to avoid validpgpkeys
for PKGBUILDs of the AUR?
https://aur.archlinux.org/packages/freetype2-infinality/ ?

If upstream, e.g. kernel.org signs the source, then IMO nothing is
wrong with including it to the PKGBUILD. I prefer signed sources.

Actually this is done for at least linux.

$ grep validpgpkeys -A3 /var/abs/core/linux/PKGBUILD 
        'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
        '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman


More information about the aur-general mailing list