[pacman-dev] Public Keys

Christian Hesse list at eworm.de
Sun Aug 21 03:29:07 EDT 2011

Allan McRae <allan at archlinux.org> on Sun, 21 Aug 2011 08:33:51 +1000:
> On 21/08/11 07:36, Eric Bélanger wrote:
> > On Sat, Aug 20, 2011 at 4:56 PM, Christian Hesse<list at eworm.de>  wrote:
> >> I've installed pacman-git on a test machine to play with package signing.
> >> Since today some packages in [core] and [extra], perhaps others, are
> >> signed. I found two keys on public key servers, the third one is still
> >> missing. The key in question was used to sign xfdesktop.
> >>
> >> Is there any official place I can find keys that are used to sign Arch
> >> packages? Or did I miss anything else?
> >
> > The keys are currently in the profiles:
> >
> > http://www.archlinux.org/developers/
> > http://www.archlinux.org/trustedusers/
> >
> > There's probably gonna be another way (I think it's going to be a
> > package) to get them once everything is setup.

I read pacman-dev, so I know abount the planned package. On the other hand I
was shure there is non till now.
Thanks for the links!

> Note that some packages are currently signed by keys that are not 
> actually publicly posted anywhere so you are screwed trying to verify 
> them...

Tobias Powalowski is still missing...

> Using "SigLevel = Never" is a workaround, although kind of 
> against the point!

I installed via pacman -U from cache directory.

Thanks for your information!
Schoene Gruesse

More information about the pacman-dev mailing list