insecure fix for the gpg signature issue

Question

insecure fix for the gpg signature issue

Juesto opened this issue a year ago · 3 comments

adding allow-weak-key-signatures to the beginning of /etc/pacman.d/gnupg/gpg.conf solves the problem
this is suggested by gpg itself when you try to locally sign an affected key say, noptrix blackarch developer key
should be much better than downgrading gpg and resetting the keyring

Answer 1 · 2024-02-07T13:05:06.000Z

This has already be mentioned in the solution in one of the solved issues https://github.com/BlackArch/blackarch/issues?q=is%3Aissue+error%3A+blackarch%3A+signature+from+%22Levon+%27noptrix%27+Kayan+is%3Aclosed

But this is obviously the easy and bad way to handle it. Other solutions may be preferable.

Answer 2 · 2024-02-07T22:32:06.000Z

re-opening for re-testing.

Answer 3 · 2024-02-09T23:33:06.000Z

@Juesto thank you very much. this worked and we've updated the strap.sh accordingly. we'll use this tmp-fix until we come up with an updated keyring.