[Unstable] - Missing multiple Manjaro keys

Unstable update, similar missing keyring keys issue to this thread

Except this time it is missing keys from Manjaro.gpg

==> Appending keys from manjaro.gpg...                                                   
key 5BD96CC4247B52CC:                                                                    
1 signature not checked due to a missing key                                             
key CAA6A59611C7F07E:                                                                    
3 signatures not checked due to missing keys                                             
key 363DFFFD59152F77:                                                                    
1 signature not checked due to a missing key                                             
key 2B80869C5C0102A6:                                                                    
2 signatures not checked due to missing keys
key 8934292D604F8BA2:
1 signature not checked due to a missing key
key 2C089F09AC97B894:
1 signature not checked due to a missing key
key 137C934B5DCB998E:
1 signature not checked due to a missing key
key 62443D89B35859F8:
1 signature not checked due to a missing key
key DAD3B211663CA268:
1 signature not checked due to a missing key
key 8DB9F8C18DF53602:
1 signature not checked due to a missing key
key 17C752B61B2F2E90:
1 signature not checked due to a missing key
key 8238651DDF5E0594:
1 signature not checked due to a missing key

Still benign?

I can confirm this:

Upgrading manjaro-keyring (20170603-1 -> 20170919-1)...
==> Appending keys from manjaro.gpg...
key 5BD96CC4247B52CC:
1 signature not checked due to a missing key
key CAA6A59611C7F07E:
3 signatures not checked due to missing keys
key 363DFFFD59152F77:
1 signature not checked due to a missing key
key 2B80869C5C0102A6:
2 signatures not checked due to missing keys
key 8934292D604F8BA2:
1 signature not checked due to a missing key
key 2C089F09AC97B894:
1 signature not checked due to a missing key
key 137C934B5DCB998E:
1 signature not checked due to a missing key
key 62443D89B35859F8:
1 signature not checked due to a missing key
key DAD3B211663CA268:
1 signature not checked due to a missing key
key 8DB9F8C18DF53602:
1 signature not checked due to a missing key
key 17C752B61B2F2E90:
1 signature not checked due to a missing key
key 8238651DDF5E0594:
1 signature not checked due to a missing key
$ gpg --list-sigs 5BD96CC4247B52CC
pub   rsa2048 2012-05-04 [SC] [expires: 2022-05-02]
      B4663188A692DB1E45A98EE95BD96CC4247B52CC
uid           [  full  ] Guillaume Benoit (Guinux) <guillaume@manjaro.org>
sig 3        5BD96CC4247B52CC 2012-05-04  Guillaume Benoit (Guinux) <guillaume@manjaro.org>
sig          CAA6A59611C7F07E 2014-12-07  Philip Müller (Called Little) <philm@manjaro.org>
sig          62443D89B35859F8 2014-12-07  [User ID not found]
sig          8934292D604F8BA2 2014-12-07  Alexandru Ianu <alexandru@manjaro.org>
sig          73A60C59518B147D 2015-01-24  [User ID not found]
sig          2C089F09AC97B894 2014-12-07  Ramon Buldó <ramon@manjaro.org>
sig          2B80869C5C0102A6 2014-12-08  Rob McCathie <korrode@gmail.com>
sig 3        9C08A255442FAFF0 2016-02-21  Jonathon Fernyhough <jonathon@manjaro.org>
sig          7EC47C82A42D53A2 2016-04-16  [User ID not found]
sig          E3B3F44AC45EE0AA 2017-06-04  [User ID not found]
sig          8238651DDF5E0594 2017-06-02  [User ID not found]
sig          1817DC63CD3B5DF5 2017-09-15  Thanos Apostolou (manjaro maintainer) <thanos@manjaro.org>
sig          17C752B61B2F2E90 2017-05-31  [User ID not found]
sub   rsa2048 2012-05-04 [E] [expires: 2022-05-02]
sig          5BD96CC4247B52CC 2012-05-04  Guillaume Benoit (Guinux) <guillaume@manjaro.org>

It's possible the keys haven't been uploaded to the keyserver being queried (e.g. to pgp.mit.edu but not pool.sks-keyservers.net). I'd have to compare this list against the "known" list to see which team member is "guilty". :slight_smile:

1 Like

This hit Testing branch

Be good to get this sorted before it hits stable.

This only shows that some people had signed our keys in the past but are not available anymore. Might be normal users.

% gpg --edit-key KEYID
gpg> clean
User ID [...]: 139 signatures removed
gpg> save
% gpg --version
gpg (GnuPG) 1.4.18
[...]
1 Like

Missed this bit:

Yes. This isn't an issue, it's only GPG making noise.

A current list of some developer keys can be found here. I'll try to clean them up and update our way to store our keyring.

2 Likes

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Forum kindly sponsored by