> > > Looks like people tend to forget about updating pacman keyring. > > > > pacman-key --refresh-keys > > is'n this done automatically? should it? > I personally can't see how it (an upgrade hook in a package) could. The pacman-keyring package can (and does) do some maintenance operations on upgrades, but things like OP's issue (I noticed the same thing as well) is more likely to occur due to a completely unrelated package coming with signatures from a new key without the pacman-key package being touched. What could be done would be to make pacman automatically download any and all needed keys without user intervention. This shouldn't be a security issue since the web of trust should still be enforced (i.e. this wouldn't mean you'd just blindly trust random keys, just that pacman would do the equivalent of `pacman-key --refresh` when necessary). I don't know if this has already been considered and rejected by the pacman devs. >
