Today package endeavouros-keyring was updated.
This means users should update this package as soon as possible in order to avoid issues when updating other packages.
Similar to what we have been doing when Arch keyring updates, you should run commands
sudo pacman -Sy endeavouros-keyring
sudo pacman -Syu
Edit 2023.05.28:
Alternatively, you can run command
eos-update
What version of endeavouros-keyring is the new one?
sudo pacman -Sy endeavouros-keyring
[sudo] password for don:
:: Synchronizing package databases...
endeavouros is up to date
core is up to date
extra 8.2 MiB 8.35 MiB/s 00:01 [----------------------------------------] 100%
warning: endeavouros-keyring-20230523-1 is up to date -- reinstalling
@manuel if you are going to be out of the EnOS x86_64 github repository for a while, I will go ahead and update the EnOS aarch64 repo with the new keyring.
Pudge
No problem, go for it! 
And it is version 20230523-1.
I think i already have it with normal updating?
[ricklinux@eos-plasma ~]$ sudo pacman -Sy endeavouros-keyring
[sudo] password for ricklinux:
:: Synchronizing package databases...
endeavouros is up to date
core is up to date
extra is up to date
multilib is up to date
error: failed retrieving file 'endeavouros.db' from mirrors.gigenet.com : SSL connection timeout
warning: endeavouros-keyring-20230523-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...
Package (1) Old Version New Version Net Change
endeavouros/endeavouros-keyring 20230523-1 20230523-1 0.00 MiB
Total Installed Size: 0.01 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n]
Yeah, normal update should work for now, but later it might not work anymore. Thatās why this thread.
It is a done deal. EnOS arm aarch64 github repo has the updated keyring.
It is already at the Alpix mirror ready to sync the remaining mirrors.
Pudge
Can someone point me to an article where the concept of this keyring is explained and why it is necessary to update it like this?
https://archlinux.org/master-keys/
Seems to be for ppl how know more than I do. 
The keyring package contains all (public) GPG keys of the packagers.
Packagers sign their packages with their (private) GPG key.
pacman validates all packages prior to installation if they were signed with any of these ātrustedā keys contained in the keyring. (Thus you can be sure a package was built by an āofficial packagerā and it has not been tampered with. A mirror could otherwise serve whatever garbage it wants and youād install it blindly)
Now if a packager changes their signing keys (or there is a new packager with a new key) and starts signing packages with it, this new key needs to be in the keyring obviously, otherwise pacman will reject installing it. Thus you sometimes need to update the keyring package (to get this new key(s) being trusted) before installing any other packages.
Now that is a very simplified explanation. For more details, see:
https://wiki.archlinux.org/title/Pacman/Package_signing
Done, thank you @manuel . For anyone confused, just run the suggested two commands, there should be no issues.
@manuel thanks for pointing out. Done without any issues
thanks ā¦ i was just thinkingā¦ may i write some details about what the hell is a keyring ?
From this side of the counter it all looks completely natural and is nothing that surprises usā¦ but from the other side you are handed a colorful cocktailā¦ 
hmmmm now i want to write an article about encryption and keys and rings in generalā¦
Top notch idea.
There is always the wiki option
However, this news plugin would be cool too, as a way to put information/articles front and foremost
@manuel , thanks for the notice. Thanks that EOS welcome pointed out there was new Software News. I find that I very good way to get my attention 
, especially for someone who spends much time offline
thank you manuel, thist worked for me. found link to this on the arch (aur) linux package forum.
:: File /var/cache/pacman/pkg/yay-12.0.5-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
Issue solved. Thank you
Ran in to a mild issue, thought Iād share just in case anyone else hit it.
Just running yay or sudo pacman -Syu, there was an update for yay and the keyring.
yay failed to update citing corruption or invalid key.
The trick was to run yay, skip the yay update, and allow the keyring update to apply first, then update yay.
I tried all the manual keyring clear and update to no avail, in the end it was, as it usually is, an order of operations issue.
Thatās not related to the keyring, so you should open a new topic for your issue.
Personally, I prefer to use the eos-update script for updating. That checks for current keyrings before the system update and does a few other useful things.
This means that most keyring problems do not occur.
LANG=C pacman -Qo "$(type -p eos-update)"
/usr/bin/eos-update is owned by eos-bash-shared 23-19.1
I created an alias for it:
alias eosu='eos-update --yay'
Done. No issues on my end.