Question regarding recent archlinux-keyring news

Greetings lovely community,

There was a recent update post to the Arch Linux Monthly blog reports here that I was curious about:

From part of that post they mention an upcoming change that will impact archlinux-keyring:

## archlinux-keyring

The archlinux-keyring package gained a systemd service and timer unit which updates existing PGP keys used by pacman on user systems by default on a weekly basis from Arch Linux’s web key directory (WKD)[0]. This service is meant to remove the necessity for most cases of “first upgrade your archlinux-keyring and then do a system upgrade” until pacman itself will be able to deal with this scenario natively.

A new main signing key 75BD80E4D834509F6E740257B1B73B02CC52A02A was added to the keyring. Efforts to sign all active packager keys with it are ongoing, currently around 85% of the existing keys have been signed already.

I know the archlinux-keyring is sometimes an issue with system installations and/or updates from time to time. These issues aren’t major, but they typically require some searching for a workaround that’s not always obvious to the less seasoned Arch-based users. My assumption is this new systemd-timer will be able to mitigate these headaches, but I don’t know the underlying mechanics to be certain.

My question is what will this look like when the update is released? Will EndeavourOS have to tweak anything for future installs and enable this timer by default or leave it all up to the user? Will users here need to manually add the systemd-timer if they so choose? It seems like a service I’d want to enable for my system once it’s available. Are there any potential drawbacks to be aware of if it’s used? I’m aware I might’ve answered some of my own questions, but I figure it never hurts to ask and learn a bit more. My understanding is it’s not in the current package yet, so I’m curious; if anyone can shed a bit of light on this, I’d appreciate it very much, thank you.

Edit: Also found this r/archlinux thread, but discussion is quite small.

You can find some discussion about it here. https://lists.archlinux.org/archives/list/arch-dev-public@lists.archlinux.org/thread/MWW2BAT4ONJYWCH2DVHZ74B7PW44I5U3/

It seems they (Arch) are going to enable it by default with the next update of archlinux-keyring.

It sounds like a good idea. Currently I have been using a different update alias when it has been more than a couple of days to mitigate the possibility… it runs a pacman -Sy archlinux-keyring before the standard update…

This happens too often with all the different builds I have active… definitely cutting down! (main EnOS build gets nearly all my time now!)

And if it is enabled by default there is nothing to do… it will come in with the update and run automatically…
Systemd timers handle this, and if it is set as vendor default to enabled, it will be enabled if installed…
