Signature checking is failing despite the presence of validpgpkeys:
==> Verifying source file signatures with gpg...
duc-1.4.2.tar.gz ... FAILED (unknown public key CACDA4B54202FA2F)
==> ERROR: One or more PGP signatures could not be verified!
(as a side note providing checksums in md5, sha1, sha256 and sha512 seems a bit overkill too)
Search Criteria
Package Details: duc 1.4.3-1
| Git Clone URL: | https://aur.archlinux.org/duc.git (read-only) |
|---|---|
| Package Base: | duc |
| Description: | A library and suite of tools for inspecting disk usage. |
| Upstream URL: | http://duc.zevv.nl/ |
| Licenses: | |
| Submitter: | beest |
| Maintainer: | simon04 |
| Last Packager: | simon04 |
| Votes: | 7 |
| Popularity: | 0.627903 |
| First Submitted: | 2015-06-07 14:27 |
| Last Updated: | 2017-01-02 09:56 |
gpg --recv-keys F042F5CDB0A6EC6ACB80A829CACDA4B54202FA2F
Better to have multiple message digest than only md5. However sha512 should be sufficient.