Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#54312 - [archlinux-keyring] amavisd-new package signed by unknown key
Attached to Project:
Arch Linux
Opened by Noel Kuntze (thermi) - Monday, 05 June 2017, 16:15 GMT
Last edited by Doug Newgard (Scimmia) - Saturday, 02 September 2017, 07:54 GMT
Opened by Noel Kuntze (thermi) - Monday, 05 June 2017, 16:15 GMT
Last edited by Doug Newgard (Scimmia) - Saturday, 02 September 2017, 07:54 GMT
|
DetailsDescription:
The amavisd-new package in version 2.11.0-4 is signed by an unknown key (4096R/051EAD6A6155389D69DA02E5EB763B4E9DB887A6) by Thore Bödecker (foxxx0@archlinux.org). This causes pacman to print a request to import the key. As far as I know, the key is supposed to be in archlinux-keyring, but it isn't. Please add the key or do something else appropriate to get rid of the request, because it's not inherently safe to just confirm the request. Looks like this: :: Import PGP key 4096R/051EAD6A6155389D69DA02E5EB763B4E9DB887A6, "Thore Bödecker <foxxx0@archlinux.org>", created: 2017-05-22? [Y/n] Steps to reproduce: Try to install or upgrade the amavisd-new package from community. |
This task depends upon
Comment by Jan de Groot (JGC) -
Saturday, 10 June 2017, 22:31 GMT
Pacman will only trust keys that are signed by at least 3 master keys for the official repositories. There's nothing wrong with downloading the key from a keyserver unless you change pacman.conf to trust any key.