On 25.06.20 00:37, Levente Polyak via arch-general wrote: > The trust chain is broken as the signing key changed and after multiple > back and forth I still did not get a signed confirmation of the old key > regarding the new maintainers and keys. > > I will try to re ping them with w 5th mail, lets see if we have more > luck now.
Thanks for your reply and the information. Sorry for the late answer but I had a second thought about it recently and have found several reasons why to update USBGuard anyway: 1) It is open source. If there are trust issues one can look at the source code and check what has changed between versions. 2) Developers of other packages don't ever sign their commits so they don't have a chain of trust at all. While a broken chain of trust might be a step backwards, it is still equivalent to having none. 3) Other Linux distributions have updated the package as well. This might seem like a weak reason but if I think about it, I find that it resembles some kind of peer review. Just wanted to share those thoughts so you might have a second look at it. Kind regards
