Hi,

I'm in the process of upgrading the geany-plugins package for Arch Linux.

However, makepkg complains about the 01380DF54FD09D02 key that is mentioned on the download page:

==> Making package: geany-plugins 1.38-1 (Mon Oct 11 11:21:33 2021)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Found geany-plugins-1.38.tar.bz2
  -> Found geany-plugins-1.38.tar.bz2.sig
==> Validating source files with b2sums...
    geany-plugins-1.38.tar.bz2 ... Passed
    geany-plugins-1.38.tar.bz2.sig ... Skipped
==> Verifying source file signatures with gpg...
    geany-plugins-1.38.tar.bz2 ... FAILED (unknown public key 01380DF54FD09D02)

I also get gpg: key 01380DF54FD09D02: no user ID when importing it with gpg:

% gpg --keyserver hkps://keys.openpgp.org --search-keys 01380DF54FD09D02
gpg: data source: https://keys.openpgp.org:443
(1)       256 bit EDDSA key 01380DF54FD09D02, created: 2021-10-09
Keys 1-1 of 1 for "01380DF54FD09D02".  Enter number(s), N)ext, or Q)uit > 1
gpg: key 01380DF54FD09D02: no user ID
gpg: Total number processed: 1

Is everything in order with the current PGP/GPG key?

I would prefer not to skip the key validation. For many packages, a signature and key are not available, and I appreciate that it is available for geany-plugins.

Cheers!


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.