Unable to upgrade community/rekonq (PGP signature issue)

[2011-12-20 19:38:19 +0530] Keshav P R:
> error: rekonq: key "22AD5874F39D989F" is unknown
> error: key "22AD5874F39D989F" could not be looked up remotely

This seems to be Peter Lewis signing with (one of his many) subkeys...
(Not sure why he does that.)

Do `gpg --recv-key E19DAA50` (primary ID) to get his key.

--
Gaetan

[2011-12-20 20:19:13 +0530] Keshav P R:
> There seems to be many new User IDs and Signatures. Should I do "pacman-key
> --refresh-keys" periodically?

Actually, `--refresh-keys` will only update signatures; to get the new
keys you must either import them from pacman as you install packages
signed by previously unseen keys, or use an ugly script like that to get
all new keys at once:

curl https://www.archlinux.org/{developers,trustedusers}/ |
awk -F" '(/pgp.mit.edu/) {sub(/.*search=0x/,"");print $1}' |
xargs sudo pacman-key --recv-keys

--
Gaetan

[2011-12-20 20:36:02 +0530] Keshav P R:
> Now that I have refreshed the list of keys. How should I import them all?

You are confusing a bit of everything.

There are two ways to get the new keys into your pacman keyring:
- let pacman download them when you install packages signed by them;
- run my ugly script.

> Should I do
>
> # pacman-key --updatedb

No. The `--updatedb` option updates the trustdb, which GPG does
automatically anyhow. It's always safer to read the manual to know what
options do rather than trying out random combinations.

--
Gaetan

[2011-12-20 15:57:02 +0000] Peter Lewis:
> I have my master key stored offline, and I hope it will last forever

I see. It's just to bad that it is only 1024-bit long... RSA and DSA
keys of this length will probably be crackable in ten/fifteen years.
(And I'm sure the NSA can already do it.)

--
Gaetan

[2011-12-20 15:57:02 +0000] Peter Lewis:
> Did this:
>
> % pacman-key -r 22AD5874F39D989F
>
> not work for you?

It seems like it does, but my ugly script had already imported your key.

--
Gaetan