[pacman-dev] Public Keys
Allan McRae
allan at archlinux.org
Sat Aug 20 18:33:51 EDT 2011
On 21/08/11 07:36, Eric Bélanger wrote:
> On Sat, Aug 20, 2011 at 4:56 PM, Christian Hesse<list at eworm.de> wrote:
>> Hello everybody,
>>
>> I've installed pacman-git on a test machine to play with package signing.
>> Since today some packages in [core] and [extra], perhaps others, are signed.
>> I found two keys on public key servers, the third one is still missing. The
>> key in question was used to sign xfdesktop.
>>
>> Is there any official place I can find keys that are used to sign Arch
>> packages? Or did I miss anything else?
>> --
>> Regards,
>> Chris
>>
>>
>
> The keys are currently in the profiles:
>
> http://www.archlinux.org/developers/
> http://www.archlinux.org/trustedusers/
>
> There's probably gonna be another way (I think it's going to be a
> package) to get them once everything is setup.
>
Note that some packages are currently signed by keys that are not
actually publicly posted anywhere so you are screwed trying to verify
them... Using "SigLevel = Never" is a workaround, although kind of
against the point!
Allan
More information about the pacman-dev
mailing list