I just got my Lenovo thinkpad updated on Cinnamon, haven’t updated for about two weeks.
After the update, 115 packages, it says, checking keys in keyring, downloading required keys…
and I get the strange message "Import PGP key xxxx, “Sergej Pupykin spupykin@archlinux.org”? [Y/n]
Who is Sergej pumpkin, have I been hacked???
… is a Arch repo package maintainer.
Did you have an update to archlinux-keyring as well?
Try installing it first:
sudo pacman -Syy archlinux-keyring
sudo pacman -Syu
Edit:
I’ve got actually two different keys from him:
89E7B9331C4AE7D7FAF7D305C132293954BBE4AD 3E518BF2526FD1979E8AAE4965C110C1EA433FC7
thanks for the response, have to run home from work… but let me check, what are these keys for, signatures for packages?
thanks god it’s not a cyber attack on my computer, sorry but the package maintainer has a rather suspicious name combination. No offense.
They are to make sure of that the packages are signed by its “author”, an authenticity check.
You can have a look here for more on the subject:
No, nothing that exciting 
thanks! just never seen that or did not pay attention previously.
I can’t check right now, but isn’t archlinux-keyring normally installed by default?
sure but reinstalling also redownload all the keys updated and working.
It is, but the keys get updated. Sometimes, you need to update it first before updating the packages that are signed with the keys inside it.
pacman -Sy packages doesn’t only install packages, it also updates them if they are already installed.
whoof exactly the same time 
You were a bit faster.
I saw this on my laptop when using archfi yesterday, i was like um… haha
Thanks @pebcak @dalto @joekamprad
Well I was at work, finishing Friday last minute update then read spupykin which my brain probably interpret as pumpkin plus spy = spupykin. Was just surprised to see an email in my update. The rest is just my stupid humor.
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.