FS#73334 - [archlinux-keyring] Please remove my key from archlinux-revoked
Attached to Project:
Arch Linux
Opened by Gaetan Bisson (vesath) - Wednesday, 12 January 2022, 00:28 GMT
Last edited by David Runge (dvzrv) - Friday, 14 July 2023, 10:23 GMT
Opened by Gaetan Bisson (vesath) - Wednesday, 12 January 2022, 00:28 GMT
Last edited by David Runge (dvzrv) - Friday, 14 July 2023, 10:23 GMT
|
Details
Every update of archlinux-keyring disables my key
(fingerprint: 1A60DC44245D06FEF90623D6EEEEE2EEEE2EEEEE )
from the pacman keyring, even on local installs when I've
manually signed this key as trusted. That is annoying since
I then have to re-enable it every time.
Besides it should not be required anymore: I resigned as a developer two years ago so there's been ample time for my key to get disabled on every other install. And finally my key is not signed by any of the master keys so I don't see why it needs disabling. Cheers! |
This task depends upon
Closed by David Runge (dvzrv)
Friday, 14 July 2023, 10:23 GMT
Reason for closing: Won't fix
Additional comments about closing: It is currently not feasible for us to deal with special scenarios in keyring handling.
Possible workarounds have been outlined.
Friday, 14 July 2023, 10:23 GMT
Reason for closing: Won't fix
Additional comments about closing: It is currently not feasible for us to deal with special scenarios in keyring handling.
Possible workarounds have been outlined.
Everything else is tooling from keyring repository, keyring packaging and pacman hooks. I do not think we want to change that. Any thoughts, dvzrv?
Steps you can take on your side:
* use a new key
* add another pacman hook that enables your key and runs after the general keyring hook
However let me clarify that I am only asking for archlinux-keyring to stop disabling my key, as in line 377 of pacman-key (run by archlinux-keyring's install file) which does "printf 'disable\nquit\n' | gpg ...". This really does nothing but flip a bit somewhere.
Naturally I am not asking for the revocation certificates on the master key signatures to my key to be removed. And since my key has no more signatures from any master key it cannot be used for packaging. So there is no need to keep disabling it update after update.
Cheers.