You are not logged in.
I dont update my machines enough I guess. Today I was going about updating via pacman -Syu and got that famous invalid or corrupted package PGP Signature message.
now my understanding is that there is an issue with an out of date signature verifying a current signature and if someone goes a while without updating their own signatures it can all get messy.
but last time i tried to update this machine i had to do a bunch of stuff to get it to allow pacman to trust the package.
So i find https://bugs.archlinux32.org/index.php? … ask_id=365 with a 6 step help. okay seems lame to have to wget keys every time i update my machines but whatever.
i get to step 5 and it asks: "if the signature check-out,"
so I am pretty sure there is no malicious actors involved in this system. but when i run that check it says good signature from ....... then next line is WARNING this key is not certified with a trusted signature.
I dont quite understand the whole trust system, so any help you can give me on this issue and maybe we can fix the trust so it works as intended?
Offline
You have to update the keys only once and verify their validity. This is basically just to make sure, you have the right keys.
After updating the archlinux32-keyring things should be back to normal.
Offline