On 5/13/21 3:57 PM, Javier wrote:
> Usually I see these problems when the packages are not signed by devs,
> but instead by buildbot... In that case, I'm not sure if it's OK to
> trust buildbot... The problem is not an issue with the artix-keyring,
> nor /etc/pacman.d/gnupg.
>
> Is it OK to "pacman -U /var/cache/pacman/pkg/<package>" when they come
> with a bad signature from a non-developer (meaning a tool or a bot)?
> Moreover, if it comes from an individual, but still with wrong
> signature? To me the whole purpose of signatures is to make sure the
> packages come from the right artix devs...
>
> Just double checking, :)
>
> Thanks !

All of the artix repo (except Universe) packages are signed by the
buildbot so I hope you trust it. ;) I don't know what exactly caused
the bad signature in this case but indeed the wpa_supplicant-s6 package
in repo is corrupted somehow. Not a big deal since I plan to move the
testing one later today to stable although right now buildbot is being
hogged by kde packages. I'm patiently waiting.