[pacman-dev] Do you want Heads Ups about the Signing System
Thomas Bächler
thomas at archlinux.org
Wed Nov 30 14:29:33 EST 2011
Am 30.11.2011 20:14, schrieb Kevin Chadwick:
> Hi
>
> I'm new to arch but I've got automatic sig checks by pacman running
> fine so far on stable with just pacman4 from testing set to Optional
> (for the databases) TrustedOnly.
>
> I just had to tsign Ionuts master key with mine manually and also Allan
> Mcraes which seems to be unsigned by the Arch Linux Master keys oh and
> now also Ronald van Harens.
This is not how it is supposed to work. It is meant to work like this:
1) Import all 5 master keys (in principle, you only need 3, but there is
some redundancy here).
2) For each master key, run pacman-key --lsign-key $FINGERPRINT
3) For each muster key, run pacman-key --edit-key $FINGERPRINT and set
the ownertrust ('trust' command) to 'marginal'.
Every key that is signed by at least 3 master keys will now be accepted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/pacman-dev/attachments/20111130/6a4eee1e/attachment.asc>
More information about the pacman-dev
mailing list