@polygamma, I read, duly noted and fully understood the pinned comments. The PKGBUILD was asking for this key to be installed and it failed. I thought that you would want to know as the package cannot be updated without the key. I fully apologize for making any comments on this page. @andreyv, thanks I tried that and it did not work. I'll just wait until it sorts itself out.
Search Criteria
Package Details: aurman 2.22-1
Package Actions
Git Clone URL: | https://aur.archlinux.org/aurman.git (read-only, click to copy) |
---|---|
Package Base: | aurman |
Description: | AUR helper with almost pacman syntax |
Upstream URL: | https://github.com/polygamma/aurman |
Licenses: | MIT |
Submitter: | polygamma |
Maintainer: | polygamma |
Last Packager: | polygamma |
Votes: | 199 |
Popularity: | 0.006525 |
First Submitted: | 2018-03-20 21:31 (UTC) |
Last Updated: | 2023-05-14 20:28 (UTC) |
Dependencies (9)
- expac (expac-gitAUR)
- git (git-gitAUR, git-glAUR)
- pyalpm (pyalpm-gitAUR)
- python (python37AUR, python311AUR, python310AUR)
- python-dateutil
- python-feedparser
- python-regex (python-regex-gitAUR)
- python-requests
- python-setuptools
Required by (1)
- aconfmgr-git (optional)
Sources (1)
Latest Comments
« First ‹ Previous 1 .. 5 6 7 8 9 10 11 12 13 14 15 Next › Last »
Cavsfan commented on 2018-06-18 18:23 (UTC) (edited on 2018-06-18 18:23 (UTC) by Cavsfan)
eschwartz commented on 2018-06-18 17:06 (UTC)
Please do not ask for support for GnuPG in the comments here. Thanks.
Also please make use of markdown backticks when posting code blocks and command output. But again this is GnuPG issues, not aurman issues.
andreyv commented on 2018-06-18 17:02 (UTC)
@Cavsfan Try https://wiki.archlinux.org/index.php/GnuPG#Import_a_public_key manually and fix any problems.
polygamma commented on 2018-06-18 17:02 (UTC)
@j1simon, @Cavsfan, really, is it that hard, to read the pinned comments and accept, that this is NOT the right place for such "issues"?
Cavsfan commented on 2018-06-18 16:56 (UTC)
I meant "Y" not "U"
Cavsfan commented on 2018-06-18 16:55 (UTC) (edited on 2018-06-18 16:58 (UTC) by eschwartz)
@polygamma, I fully trust adding this key and gave it a "U" but, it got these errors:
gpg: keyserver receive failed: No data
2018-06-18 12:44:17,909 - classes - search_and_fetch_pgp_keys - ERROR - Import PGP key 4C3CE98F9579981C21CA1EC3465022E743D71E39 failed.
2018-06-18 12:44:17,909 - main - main - ERROR -
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/aurman/main.py", line 734, in main
process(argv[1:])
File "/usr/lib/python3.6/site-packages/aurman/main.py", line 646, in process
package.show_pkgbuild(noedit, show_changes, pgp_fetch, keyserver, always_edit, default_show_changes)
File "/usr/lib/python3.6/site-packages/aurman/classes.py", line 1051, in show_pkgbuild
self.search_and_fetch_pgp_keys(fetch_always, keyserver)
File "/usr/lib/python3.6/site-packages/aurman/classes.py", line 935, in search_and_fetch_pgp_keys
raise ConnectionProblem("Import PGP key {} failed.".format(pgp_key))
aurman.own_exceptions.ConnectionProblem: Import PGP key 4C3CE98F9579981C21CA1EC3465022E743D71E39 failed.
polygamma commented on 2018-06-17 12:22 (UTC) (edited on 2018-06-17 12:40 (UTC) by polygamma)
@enbQao - Really depends on what you want to achieve. Do you want to be sure, that the guy on the GitHub picture https://github.com/polygamma is the one, who has pushed the changes? Guess you'll have to visit me in Kiel, Germany for that. Do you want to be sure, that the one who "owns" this AUR package is the one, who pushed the changes? Well, you have to hope, that nobody stole the SSH private key for this package. Do you want to be sure, that the one responsible for the GitHub repository https://github.com/polygamma/aurman is the one, who pushed the changes? Write an email to the E-Mail address mentioned on the GitHub profile and hope, that nobody hacked the GitHub Account and/or the E-Mail address.
Besides that: The PGP key has been newly created just for the purpose of signing aurman commits and releases, so there are no other people on earth who could really verify that it's the PGP key of "Jonni Westphalen". But since the commits and releases have not been signed at all just a few days ago, you do not lose any security by "trusting" the new PGP key. All in all aurman is open source, just look at the sourcecode if you want to be sure, that there is nothing "fishy".
Addition: As time passes, it's getting more and more unlikely, that the dev of aurman is not the one, who introduced PGP signing with that key, because well, guess he would not let it pass, that his accounts and private keys have been stolen without making noise.
enbQao commented on 2018-06-17 11:54 (UTC)
Hi, with the latest update, it said
"PGP Key 4C3CE98F9579981C21CA1EC3465022E743D71E39 found in PKGBUILD of aurman and is not known yet. Do you want to import the key?"
I know I can probably trust this, but how can I verify myself that I can trust this?
(seeing all the comments here I hope this is the right place to ask)
Pinned Comments