Hi,
I'm in the process of upgrading the `geany-plugins` package for Arch Linux.
However, `makepkg` complains about the 01380DF54FD09D02 key that is mentioned on the [download page](https://plugins.geany.org/downloads.html):
``` ==> Making package: geany-plugins 1.38-1 (Mon Oct 11 11:21:33 2021) ==> Checking runtime dependencies... ==> Checking buildtime dependencies... ==> Retrieving sources... -> Found geany-plugins-1.38.tar.bz2 -> Found geany-plugins-1.38.tar.bz2.sig ==> Validating source files with b2sums... geany-plugins-1.38.tar.bz2 ... Passed geany-plugins-1.38.tar.bz2.sig ... Skipped ==> Verifying source file signatures with gpg... geany-plugins-1.38.tar.bz2 ... FAILED (unknown public key 01380DF54FD09D02) ```
I also get `gpg: key 01380DF54FD09D02: no user ID` when importing it with `gpg`:
``` % gpg --keyserver hkps://keys.openpgp.org --search-keys 01380DF54FD09D02 gpg: data source: https://keys.openpgp.org:443 (1) 256 bit EDDSA key 01380DF54FD09D02, created: 2021-10-09 Keys 1-1 of 1 for "01380DF54FD09D02". Enter number(s), N)ext, or Q)uit > 1 gpg: key 01380DF54FD09D02: no user ID gpg: Total number processed: 1 ```
Is everything in order with the current PGP/GPG key?
I would prefer not to skip the key validation. For many packages, a signature and key are not available, and I appreciate that it is available for `geany-plugins`.
Cheers!