On 10/02/15 08:15 AM, Mike Cloaked wrote: > On Tue, Feb 10, 2015 at 12:59 PM, Dennis Lange <dennis@xxxxxxxxxxx> wrote: > >> Hi Manuel, >> >> thanks for posting this thread. I also wondered about the key from >> eworm. Sure he is a trusted user but accepting keys made me a little bit >> nervous. Is there a way to verify my pacman keys? >> >> Dennis >> >> > I guess you can verify fingerprints from the list at > > https://www.archlinux.org/master-keys/ No, you don't have to anything like that. There is never a need to manually verify the keys of developers and trusted users because they are part of the web of trust model. There are 5 trusted master keys and they are part of the installation from the get go. A key is trusted if it is signed by at least 3 master keys - you only ever need to mark keys for third party repositories as trusted.
Attachment:
signature.asc
Description: OpenPGP digital signature
