Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#52363 - {archweb} Automate PGP keyring issues

Attached to Project: Arch Linux
Opened by Jelle van der Waa (jelly) - Wednesday, 04 January 2017, 09:32 GMT
Last edited by Doug Newgard (Scimmia) - Wednesday, 04 January 2017, 15:04 GMT
Task Type Feature Request
Category Web Sites
Status Assigned
Assigned To Dan McGee (toofishes)
Angel Velasquez (angvp)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 2
Private No



When a Trusted User or Developer steps down, his key may be left in the archlinux-keyring package.
There is no automation to revoke this key or update the keyring package, so there should be
some automation in place to handle this :)

Some scenario's which can be automated:

* When a key is in the keyring but there is no archweb entry, report an issue.
* When a fingerprint is registered in archweb but not in the keyring, report an issue
* When a key is almost expired report an issue.

The issues can be shown in archweb or mailed to a mailing list.
This task depends upon

Comment by Mario Scondo (mario.scondo) - Tuesday, 12 September 2017, 13:53 GMT
I'm not sure regarding the reason of recurring keyring problems. Sometimes it is quite simple to solve these problems by executing 'pacman -Sy archlinux-keyring'. At times there are additional steps required to fix a broken Arch installation and systems will stop updating software and configurations.

I would like to utilize Arch-based distributions to run distributed services. But these strange keyring problems require manual research and bugfixing every once in a while.

Are there any ideas how to prevent the keyring problem?
Who / What task is causing these kind of problems?