FS#52363 - {archweb} Automate PGP keyring issues

Attached to Project: Arch Linux
Opened by Jelle van der Waa (jelly) - Wednesday, 04 January 2017, 09:32 GMT
Last edited by Kristian (klausenbusk) - Monday, 05 June 2023, 17:42 GMT
Task Type Feature Request
Category Web Sites
Status Closed
Assigned To Jelle van der Waa (jelly)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Description:

When a Trusted User or Developer steps down, his key may be left in the archlinux-keyring package.
There is no automation to revoke this key or update the keyring package, so there should be
some automation in place to handle this :)

Some scenario's which can be automated:

* When a key is in the keyring but there is no archweb entry, report an issue.
* When a fingerprint is registered in archweb but not in the keyring, report an issue
* When a key is almost expired report an issue.

The issues can be shown in archweb or mailed to a mailing list.
This task depends upon

Closed by  Kristian (klausenbusk)
Monday, 05 June 2023, 17:42 GMT
Reason for closing:  Upstream
Additional comments about closing:  Please report upstream if this is still relevant: https://github.com/archlinux/aurweb.
Comment by Mario Scondo (mario.scondo) - Tuesday, 12 September 2017, 13:53 GMT
I'm not sure regarding the reason of recurring keyring problems. Sometimes it is quite simple to solve these problems by executing 'pacman -Sy archlinux-keyring'. At times there are additional steps required to fix a broken Arch installation and systems will stop updating software and configurations.

I would like to utilize Arch-based distributions to run distributed services. But these strange keyring problems require manual research and bugfixing every once in a while.

Are there any ideas how to prevent the keyring problem?
Who / What task is causing these kind of problems?

Loading...