Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#29471 - Validity of (ex) developer keys
Attached to Project:
Arch Linux
Opened by Nikolai Maziashvili (mkudro) - Sunday, 15 April 2012, 13:40 GMT
Last edited by Allan McRae (Allan) - Friday, 27 April 2012, 06:27 GMT
Opened by Nikolai Maziashvili (mkudro) - Sunday, 15 April 2012, 13:40 GMT
Last edited by Allan McRae (Allan) - Friday, 27 April 2012, 06:27 GMT
|
DetailsWhen installing virt-manager i was asked to add key from Angel Velasquez for python2-cairo package. But i couldn't find him on dev list (https://www.archlinux.org/master-keys/) - point of reference for me. So key verification was not possible, so i emailed him and Angel was king enough to response and indeed confirm my thought that he was not developing for arch anymore.
I know i sound paranoid here, but what is the point of key signing if we just go and accept everything that comes along. I have no reason, especially after communicating with Angel, not to trust/import his key, but this is not my point. If his key is still regarded as trusted/valid, although he is not dev any more, he still should remain on the list until someone takes over and resigns the package. |
This task depends upon
Comment by Ionut Biru (wonder) -
Sunday, 15 April 2012, 15:37 GMT
look in Fellows Profiles
Comment by Nikolai Maziashvili (mkudro) -
Sunday, 15 April 2012, 23:37 GMT
Thnx Ionut, didn't know about that. Still very new to arch :).