On Fri, Jan 14, 2022 at 04:57:00PM -0800, Brett Cornwall via arch-dev-public wrote: > On 2022-01-14 21:12, David Runge via arch-dev-public wrote: > > To all that have added a new @archlinux.org UID or have created a new > > key, please make sure that all signatures you have received from main > > signing keys are also present in the current keyring (`pacman-key > > --list-sigs <nick>@archlinux.org`) or in the current HEAD of > > archlinux-keyring (`./keyringctl inspect <nick>` in a clone of the > > archlinux-keyring repository). If you have signatures that are not yet > > in the keyring, you can add them yourself [2] and do not have to wait on > > a main signing key holder to do it. > > Thanks for your work on this initiative. > > I see that my key has made it but the trust is only marginal: > > > [~]$ pacman -Q archlinux-keyring > archlinux-keyring 20220114-1 > [~]$ pacman-key --list-sigs ain...@archlinux.org > gpg: Note: trustdb not writable > pub ed25519 2018-10-03 [SC] [expires: 2022-07-18] > BE2DBCF2B1E3E588AC325AEAA06B49470F8E620A > [snip] > uid [marginal] Brett Cornwall <ain...@archlinux.org> > sig 3 A06B49470F8E620A 2021-11-18 Brett Cornwall <br...@i--b.com> > sig 4DC95B6D7BE9892E 2021-11-20 David Runge (Arch Linux Master Key) > <dv...@master-key.archlinux.org> > > > > Is this expected behavior?
No it's not :) It seems like you haven't pulled the signature from Florian which is on your issue. But you still need one signature for full trust. This means you still need to sign packages with the br...@i--b.com UID. -- Morten Linderud PGP: 9C02FF419FECBE16
signature.asc
Description: PGP signature
