[aur-general] TU Application: Daniel Bermond (dbermond)

Baptiste Jonglez baptiste at bitsofnetworks.org
Sun Oct 14 22:27:04 UTC 2018


On 15-10-18, Levente Polyak via aur-general wrote:
> On 10/14/18 11:35 PM, Daniel Bermond via aur-general wrote:
> >
> > I usually don't use pgp on my aur packages because people tend to
> > complain a lot about building issues. They fail to handle the keys and
> > start complaining to the packager, and this is a big stress. When
> > dealing with repository packages this is another story, of course. Since
> > this was raised as a main issue, I'll be adding the pgp checks back again.
> > 
> 
> So let me summarize what you are saying, correct me if I'm wrong:
> 
> You fully know what's all the gizzle with gpg. Instead of acting like a
> trustable user who follows best practice and spreads good advice and
> helps teach people about how all this works properly you prefer to
> pull the lazy card because it's what? big stress? Serious?
> I don't even find words to describe how untrustworthy this is to the
> community to prefer to remove GPG signatures instead of educating users?

What a warm way to welcome people.  A bit of fact-checking doesn't hurt:

$ pkgver=4.16.1
$ wget "https://www.apache.org/dist/flex/${pkgver}/binaries/apache-flex-sdk-${pkgver}-bin.tar.gz"{,.asc}
$ gpg --verify apache-flex-sdk-4.16.1-bin.tar.gz.asc 
gpg: assuming signed data in 'apache-flex-sdk-4.16.1-bin.tar.gz'
gpg: Signature made mer. 15 nov. 2017 09:44:37 CET
gpg:                using RSA key 44998F3E242727E94C4BADEB6B0A7EC905061FC8
gpg: Can't check signature: No public key

$ gpg --search-keys 44998F3E242727E94C4BADEB6B0A7EC905061FC8
gpg: data source: http://192.146.137.99:11371
(1)  Piotr Zarzycki (CODE SIGNING KEY) <piotrz at apache.org>
       4096 bit RSA key 6B0A7EC905061FC8, created: 2017-06-17 (revoked)
Keys 1-1 of 1 for "44998F3E242727E94C4BADEB6B0A7EC905061FC8".  Enter number(s), N)ext, or Q)uit > 


Baptiste