You are not logged in.
- Topics: Active | Unanswered
#1 2012-03-23 13:55:10
- gymka
- Member
- From: Lithuania
- Registered: 2011-04-29
- Posts: 40
- Website
[SOLVED]can I trust "Pierre Schmitz"?
package "compizconfig-python" is signed by Pierre Schmitz <pierre@archlinux.de>, but in https://www.archlinux.org/master-keys/ there is no such user. can i trust him and import that key?
Last edited by gymka (2012-03-23 14:03:57)
Offline
#2 2012-03-23 13:57:43
- Allan
- Pacman
- From: Brisbane, AU
- Registered: 2007-06-09
- Posts: 11,410
- Website
Re: [SOLVED]can I trust "Pierre Schmitz"?
Do a bit of research what the point of the master keys is.
Offline
#3 2012-03-23 17:23:47
- Awebb
- Member
- Registered: 2010-05-06
- Posts: 6,321
Re: [SOLVED]can I trust "Pierre Schmitz"?
If "there is such a user" does not imply said user to be on the list, then I don't fully comprehend the concept of "being there".
Offline
#4 2012-03-23 17:25:31
- karol
- Archivist
- Registered: 2009-05-06
- Posts: 25,440
Re: [SOLVED]can I trust "Pierre Schmitz"?
If "there is such a user" does not imply said user to be on the list, then I don't fully comprehend the concept of "being there".
What?
Pierre signed a package with his key, you can verify that it is his key, so what's wrong?
Offline
#5 2012-03-23 17:53:17
- Awebb
- Member
- Registered: 2010-05-06
- Posts: 6,321
Re: [SOLVED]can I trust "Pierre Schmitz"?
He said Pierre isn't there, but I can see Pierre, so if "being there" doesn't mean "being there", I don't know if I am or not. It's more of a philosophical question.
Offline
#6 2012-03-23 17:56:41
- Pierre
- Developer
- From: Bonn
- Registered: 2004-07-05
- Posts: 1,964
- Website
Re: [SOLVED]can I trust "Pierre Schmitz"?
You only have to trust and verify the master keys. You can import random keys without harm.
Offline