On 5/10/21 3:31 PM, Javier wrote:
> On 5/10/21 3:22 PM, Javier wrote:
>>> (2/2) checking package integrity [########################################################] 100%
>>> error: remmina: signature from "Sergej Pupykin <arch at sergej.pp.ru>" is marginal trust
>>> :: File /var/cache/pacman/pkg/remmina-1:1.4.14-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
>>> Do you want to delete it? [Y/n] Y
>>> error: failed to commit transaction (invalid or corrupted package)
>>> Errors occurred, no packages were upgraded.
>>
>> What should be done? Devs help increasing trust for Segej, other devs sign the package? I guess for users it's just a matter of time, right? or is there something to do from the user side?
>
> This is not Arch, but it sounds pretty similar to what's reported by Arch devs [1]. Would it be Artix followed the same issue?
Hmm, thinks like it. See, on arch, gnupg is still 2.2.27-1 on core. 2.3.1-1 was only on testing, and they dropped it from testing since apparently gnupg receives a couple of undocumented patches on Arch [2], and for some reason they are not working for latest 2.3.1 version, leaving gnupg for Arch broken on testing, so it was dropped from testing on Arch, and core was never upgraded on Arch apparently.
It seems somehow Artix system got the upgrade, :( Are artix devs aware?
--
Javier
[1] https://lists.archlinux.org/pipermail/arch-dev-public/2021-May/030431.html
[2] https://lists.archlinux.org/pipermail/arch-dev-public/2021-May/030434.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <https://lists.artixlinux.org/archives/artix-general/attachments/20210511/3601bed5/attachment.sig>
More information about the artix-general
mailing list