Package Details: palemoon-bin 29.4.1-1

Git Clone URL: https://aur.archlinux.org/palemoon-bin.git (read-only, click to copy)
Package Base: palemoon-bin
Description: Open source web browser based on Firefox focusing on efficiency.
Upstream URL: http://linux.palemoon.org/
Keywords: browser goanna web
Licenses: GPL, MPL, LGPL
Conflicts: palemoon
Provides: palemoon=29.4.1
Submitter: sumt
Maintainer: oberon2007 (WorMzy)
Last Packager: WorMzy
Votes: 189
Popularity: 0.39
First Submitted: 2014-06-03 14:55
Last Updated: 2021-09-14 14:40

Pinned Comments

WorMzy commented on 2019-09-01 10:01

Note that 28.7.0 was signed with the lead dev's pgp key rather that the usual Linux dev's key. You'll need to import the new key into your keyring before the pgp check will be able to verify the tarball: gpg --keyserver=keyserver.ubuntu.com --recv-keys 8FCF9CEC

See https://forum.palemoon.org/viewtopic.php?f=37&t=19907#p173793 and https://forum.palemoon.org/viewtopic.php?f=1&t=7176 for more information.

Latest Comments

1 2 3 4 5 6 ... Next › Last »

Ralf_Mardorf commented on 2021-07-21 10:28

Assuming the fingerprint is correct, verified by a web of trust, a signed checksum is used, to grant a sources used by a PKGBUILD is unmodified. This for example ensure that nobody hacked the download page and replaced the source by a modified malicious source. You always only have the word of the person providing the source with the signed checksum for download, but at least nobody else can do something harmful. You better don't skip the validation. While fingerprints and the web of trust are sensitive topics, still consider to use checksums.

mozo commented on 2021-07-21 08:54

@andym Sure :)

andym commented on 2021-07-21 08:38

@mozo But without the checks I only have your word for it :) :) - no offence.

mozo commented on 2021-07-21 08:30

@andym Yes, but this package is safe :)

andym commented on 2021-07-21 08:23

@mozo It is ALWAYS a bad idea to skip integrity checks!

mozo commented on 2021-07-21 07:57

@T0MuX

trizen -S palemoon-bin --noconfirm --skipinteg

andym commented on 2021-07-21 07:55

@TOMuX I should have said that I am using palemoon-gtk3-bin. This is the gtk2 version.

andym commented on 2021-07-21 07:40

@TOMuX hmm - that is the wrong key I think. I cannot remember when I installed the key originally but this is what I get if I install now:

$ gpg --keyserver=keyserver.ubuntu.com --recv-keys 8FCF9CEC
gpg: key 40481E7B8FCF9CEC: "Moonchild (RSA signing key) <moonchild@palemoon.org>" 1 new signature
gpg: Total number processed: 1
gpg:         new signatures: 1

Can you say exactly what you typed? (Pouvez-vous dire exactement ce que vous avez écrit ?)

T0MuX commented on 2021-07-21 07:32

Hi, i'm totally unable to install palemoon-bin. As said in pinned comment : I used the mentionned command gpg --keyserver=keyserver.ubuntu.com --recv-keys 8FCF9CEC and this is not changing anything. I still have this :

1) If I choose Import ? YES

:: Import des clés avec gpg...
gpg: échec de réception depuis le serveur de clefs : No name
erreur lors de l'import des clés

I translate : Importing keys with gpg..... fail to receive from the key server : No name. Error while importing keys.

2) If I choose Import ? NO (cause I manually imported the key with the command in the pinned comment)

==> Vérification des signatures des fichiers sources grâce à gpg…
    palemoon-29.3.0.linux-x86_64-gtk2.tar.xz ... ÉCHEC (Clé publique inconnue 865E6C87C65285EC)
==> ERREUR : Une ou plusieurs signatures PGP n’ont pas pu être vérifiées.
erreur lors du téléchargement des sources : palemoon-bin

I translate : Checking the source files signatures with gpg.... FAIL (Unknown public key 865E6C87C65285EC) FAIL : One or more PGP signatures couldn't be checked.

Thank you.

WorMzy commented on 2021-06-18 15:29

@alad, presumably to maintain consistency with the source-built packages. 'palemoon' has always been gtk2, and will remain as such until upstream no longer support it.