Allan McRae <[email protected]> on Sun, 21 Aug 2011 08:33:51 +1000: > On 21/08/11 07:36, Eric Bélanger wrote: > > On Sat, Aug 20, 2011 at 4:56 PM, Christian Hesse<[email protected]> wrote: > >> I've installed pacman-git on a test machine to play with package signing. > >> Since today some packages in [core] and [extra], perhaps others, are > >> signed. I found two keys on public key servers, the third one is still > >> missing. The key in question was used to sign xfdesktop. > >> > >> Is there any official place I can find keys that are used to sign Arch > >> packages? Or did I miss anything else? > > > > The keys are currently in the profiles: > > > > http://www.archlinux.org/developers/ > > http://www.archlinux.org/trustedusers/ > > > > There's probably gonna be another way (I think it's going to be a > > package) to get them once everything is setup.
I read pacman-dev, so I know abount the planned package. On the other hand I was shure there is non till now. Thanks for the links! > Note that some packages are currently signed by keys that are not > actually publicly posted anywhere so you are screwed trying to verify > them... Tobias Powalowski is still missing... > Using "SigLevel = Never" is a workaround, although kind of > against the point! I installed via pacman -U from cache directory. Thanks for your information! -- Schoene Gruesse Chris
