[pacman-dev] Public Keys

Allan McRae allan at archlinux.org
Sat Aug 20 18:33:51 EDT 2011

On 21/08/11 07:36, Eric Bélanger wrote:
> On Sat, Aug 20, 2011 at 4:56 PM, Christian Hesse<list at eworm.de>  wrote:
>> Hello everybody,
>> I've installed pacman-git on a test machine to play with package signing.
>> Since today some packages in [core] and [extra], perhaps others, are signed.
>> I found two keys on public key servers, the third one is still missing. The
>> key in question was used to sign xfdesktop.
>> Is there any official place I can find keys that are used to sign Arch
>> packages? Or did I miss anything else?
>> --
>> Regards,
>> Chris
> The keys are currently in the profiles:
> http://www.archlinux.org/developers/
> http://www.archlinux.org/trustedusers/
> There's probably gonna be another way (I think it's going to be a
> package) to get them once everything is setup.

Note that some packages are currently signed by keys that are not 
actually publicly posted anywhere so you are screwed trying to verify 
them...  Using "SigLevel = Never" is a workaround, although kind of 
against the point!


More information about the pacman-dev mailing list