On 5/13/21 1:22 PM, artist wrote:
> If not done already, pls check if this procedure helps:
> https://wiki.artixlinux.org/Main/Troubleshooting#Invalid_or_corrupted_packages_.28PGP_signature.29
Usually I see these problems when the packages are not signed by devs, but instead by buildbot... In that case, I'm not sure if it's OK to trust buildbot... The problem is not an issue with the artix-keyring, neither /etc/pacman.d/gnupg.
Is it OK to "pacman -U /var/cache/pacman/pkg/<package>" when they come with bad signature from a non developer (meaning a tool or a bot). Moreover, if it comes from an individual, but still with wrong signature? To me the whole purpose of signatures is to make sure the packages come from the right artix devs...
Just double checking, :)
Thanks !
--
Javier
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <https://lists.artixlinux.org/archives/artix-general/attachments/20210513/b95c605d/attachment-0001.sig>
More information about the artix-general
mailing list