FS#73334 - [archlinux-keyring] Please remove my key from archlinux-revoked

Attached to Project: Arch Linux
Opened by Gaetan Bisson (vesath) - Wednesday, 12 January 2022, 00:28 GMT
Last edited by David Runge (dvzrv) - Friday, 14 July 2023, 10:23 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Pierre Schmitz (Pierre)
Christian Hesse (eworm)
David Runge (dvzrv)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Every update of archlinux-keyring disables my key (fingerprint: 1A60DC44245D06FEF90623D6EEEEE2EEEE2EEEEE ) from the pacman keyring, even on local installs when I've manually signed this key as trusted. That is annoying since I then have to re-enable it every time.

Besides it should not be required anymore: I resigned as a developer two years ago so there's been ample time for my key to get disabled on every other install. And finally my key is not signed by any of the master keys so I don't see why it needs disabling.

Cheers!
This task depends upon

Closed by  David Runge (dvzrv)
Friday, 14 July 2023, 10:23 GMT
Reason for closing:  Won't fix
Additional comments about closing:  It is currently not feasible for us to deal with special scenarios in keyring handling.
Possible workarounds have been outlined.
Comment by Christian Hesse (eworm) - Friday, 11 February 2022, 21:23 GMT
Chances are that someone updates a really old machine or fiddled with the keyring before... So we want to ships all the revocation certificates - probably forever.
Everything else is tooling from keyring repository, keyring packaging and pacman hooks. I do not think we want to change that. Any thoughts, dvzrv?

Steps you can take on your side:
* use a new key
* add another pacman hook that enables your key and runs after the general keyring hook
Comment by Gaetan Bisson (vesath) - Saturday, 12 February 2022, 00:36 GMT
Thanks for your suggestions. Changing keys is impractical and I'm already using a pacman hook which I'd like to get rid of.

However let me clarify that I am only asking for archlinux-keyring to stop disabling my key, as in line 377 of pacman-key (run by archlinux-keyring's install file) which does "printf 'disable\nquit\n' | gpg ...". This really does nothing but flip a bit somewhere.

Naturally I am not asking for the revocation certificates on the master key signatures to my key to be removed. And since my key has no more signatures from any master key it cannot be used for packaging. So there is no need to keep disabling it update after update.

Cheers.

Loading...