On 30-06-2026 22:24, Sean E. Russell wrote:
The archlinux-keyring is only for Package Maintainers. It's a
and
On Mon Jun 29, 2026 at 11:03 AM PDT, Christian Heusel wrote:
the sole purpose of a signature by one the master key holders (and
following that the inclusion of a key in `archlinux-keyring`) is to
enable someone to package for the _official_ Arch Linux repositories
This stands out to me: while AUR helpers (yay, pakku) do end up using a user's
keyring in conjunction with `validpgpkeys`, it sounds as if that's either
unexpected or some unintentional side-effect.
It's not unintended nor unexpected but the way this is designed.
When the pacman project added support for using signed packages the
support for pacman and makepkg tools was implemented as two systems with
their own keyring .
pacman uses the /etc/pacman.d/gnupg folder , details on
https://wiki.archlinux.org/title/Pacman/Package_signing .
Note that archlinux-keyring is NOT a pacman component but was added
later by arch devs to solve issues with updating the keys used for
signing repo packages .
Makepkg got a separate system that gets keys from the user keyring at
$HOME/.gnupg .
Keep in mind that aur helpers don't build things themselves but use
makepkg to do the building .
Lone_Wolf