On 10/25/11, Denis A. Altoé Falqueto <denisfalqueto@xxxxxxxxx> wrote: > > I didn't understand what you mean by "correct the errors" and > "signature verification stuff doesn't work". Would you mind to > elaborate on that? I meant that when I did the first updates this morning, I got an eror on every package because the key for each package (signature) wasn't valid. I figured that meant it couldn't be verified or something. Yes, I know little about overall pgp and web of trust so have a lot to learn there. At this point, I'm more enclined to "trust" the signatures or keys from the 12 Arch devs than anyone else right now. I really don't know of anyone with a pgp key I could assume as a trusted party. If I'm using wrong terms here or acting ignorant, it is probably because I am:). So for now I'm using trustall but wonder if that is generally a good idea since someone else could come along with a netharious package and blow the whole thing.
