Community Packages


FS#75359 - xbindkeys signature is bad

Attached to Project: Community Packages
Opened by Johannes Kamprad (killajoe) - Sunday, 17 July 2022, 20:23 GMT
Last edited by Jonas Witschel (diabonas) - Sunday, 17 July 2022, 21:42 GMT
Task Type: Bug Report
Category: Packages
Status: Closed
Assigned To: No-one
Architecture: x86_64
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:
Installing xbindkeys fails because the signature cannot be verified.

Additional info:
* package version(s) xbindkeys-1.8.7-2
https://archlinux.org/packages/community/x86_64/xbindkeys/

* link to upstream bug report, if any
https://bbs.archlinux.org/viewtopic.php?id=278064

Steps to reproduce:
On installing, it shows:

```
error: xbindkeys: signature from "Konstantin Gizdov <arch@kge.pw>" is marginal trust"
```

Trying to verify manually shows this output:

```
sudo pacman-key --verify xbindkeys-1.8.7-2-x86_64.pkg.tar.zst.sig
==> Checking xbindkeys-1.8.7-2-x86_64.pkg.tar.zst.sig... (detached)
gpg: Signature made Di 30 Jun 2020 13:55:51 CEST
gpg: using RSA key 5359CC6BE88118B51F5C90B5607DB55FF71B7052
gpg: Good signature from "Konstantin Gizdov <arch@kge.pw>" [marginal]
gpg: aka "Konstantin Gizdov <kgizdov@gmail.com>" [marginal]
gpg: aka "keybase.io/kgizdov <kgizdov@keybase.io>" [marginal]
gpg: WARNING: This key is not certified with sufficiently trusted signatures!
gpg: It is not certain that the signature belongs to the owner.
Primary key fingerprint: 4BE6 1D68 4CB4 E317 4161 4E70 89AA 2723 1C53 0226
Subkey fingerprint: 5359 CC6B E881 18B5 1F5C 90B5 607D B55F F71B 7052
==> ERROR: The signature identified by xbindkeys-1.8.7-2-x86_64.pkg.tar.zst.sig could not be verified.
```
Trust is only marginal; it should be full?

Closed by Jonas Witschel (diabonas)
Sunday, 17 July 2022, 21:42 GMT
Reason for closing: Fixed
Additional comments about closing: xbindkeys 1.8.7-3
Comment by Jonas Witschel (diabonas) - Sunday, 17 July 2022, 21:42 GMT
I rebuilt xbindkeys as well as all other packages in the repositories signed by an old, marginally trusted packager key: https://archlinux.org/todo/rebuild-packages-signed-by-old-marginally-trusted-packager-keys/
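
The output in the report shows a signature that is cryptographically good but made by a key with only marginal validity, which pacman's default `TrustedOnly` setting rejects. The following added example (not part of the original report or of pacman; it assumes gpg's English messages, and `triage` is a hypothetical helper) separates those two outcomes using the gpg lines quoted above:

```python
import re

# gpg lines copied from the pacman-key --verify output in the report above.
REPORT_OUTPUT = """\
gpg: Signature made Di 30 Jun 2020 13:55:51 CEST
gpg: using RSA key 5359CC6BE88118B51F5C90B5607DB55FF71B7052
gpg: Good signature from "Konstantin Gizdov <arch@kge.pw>" [marginal]
gpg: aka "Konstantin Gizdov <kgizdov@gmail.com>" [marginal]
gpg: aka "keybase.io/kgizdov <kgizdov@keybase.io>" [marginal]
gpg: WARNING: This key is not certified with sufficiently trusted signatures!
"""

# Validity levels that satisfy pacman's default TrustedOnly check.
SUFFICIENT = {"full", "ultimate"}

UID_LINE = re.compile(
    r'^gpg:\s+(?:Good signature from|BAD signature from|aka) "([^"]+)" \[\s*(\w+)\s*\]',
    re.MULTILINE,
)


def triage(output):
    """Split a gpg verification transcript into integrity and trust verdicts."""
    key = re.search(r"^gpg:\s+using (\w+) key ([0-9A-F]+)", output, re.MULTILINE)
    good = re.search(r"^gpg: Good signature from", output, re.MULTILINE) is not None
    bad = re.search(r"^gpg: BAD signature from", output, re.MULTILINE) is not None
    uids = UID_LINE.findall(output)
    # Assumption: the key counts as valid if any listed user ID is valid enough.
    trusted = any(validity in SUFFICIENT for _, validity in uids)
    if bad:
        verdict = "integrity failure: file and signature do not match"
    elif not good:
        verdict = "unverified: no good signature reported"
    elif not trusted:
        verdict = "trust failure: signature is good, key validity is insufficient"
    else:
        verdict = "accepted"
    return {
        "signing_key": key.group(2) if key else None,
        "signature_good": good and not bad,
        "validities": sorted({v for _, v in uids}),
        "verdict": verdict,
    }


if __name__ == "__main__":
    for field, value in triage(REPORT_OUTPUT).items():
        print(f"{field}: {value}")
```

A trust failure of this kind is resolved on the keyring or packaging side, as the rebuild in the closing comment did; the package file itself was not altered.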