I was upgrading when pacman complained about a wrong signature on some package (i3lock). I ignored that package and the upgrade went smoothly; then I noticed that it had also upgraded archlinux-keyring. I then did an upgrade once again, this time without any complaint.
So it occurred to me: should we treat archlinux-keyring the same as pacman itself, i.e. put it in the SyncFirst list in /etc/pacman.conf?
Is it safe for a normal desktop user like me? Considering that I usually install a lot of software from AUR without actually looking deep into the source code and PKGBUILD file (if everything seems good), I am not much concerned about the security issue.
Or is it safe in general for most archlinux users?
Thank you.
1. This won't help if your keys become outdated before a new archlinux-keyring package is released. However you can use pacman-key --refresh-keys.
2. I've read pacman 4.1 will do away with SyncFirst.
2. I've read pacman 4.1 will do away with SyncFirst.
Correct.
1. This won't help if your keys become outdated before a new archlinux-keyring package is released. However you can use pacman-key --refresh-keys.
2. I've read pacman 4.1 will do away with SyncFirst.
Thank you for your advice.
Does it mean that I should always try pacman-key --refresh-keys if I have a signature problem when upgrading?
It's worth a shot. If it doesn't help, search first to see if anyone has reported it. Otherwise, submit a bug report.