Master Signing Keys
This page lists the Arch Linux Master Keys. This is a distributed set of keys that are seen as "official" signing keys of the distribution. Each key is held by a different developer, and a revocation certificate for the key is held by a different developer. Thus, no one developer has absolute hold on any sort of absolute, root trust.
The 1 key listed below should be regarded as the current set of master keys. They are available on public keyservers and should be signed by the owner of the key.
| Master Key | Full Fingerprint | Owner | Owner's Signing Key | Revoker | Revoker's Signing Key | Developer/Package Maintainer Keys Signed |
|---|---|---|---|---|---|---|
| 0x12855606 | 3C6B 9E08 0491 9315 D83B 1809 5844 91C1 1285 5606 | Luca Weiss | 0xCD2D02CD | Luca Weiss | 0xCD2D02CD | 1 |
Master Key Signatures
The following table shows all active developers and package maintainers along with the status of their personal signing key. A 'Yes' indicates that the personal key of the developer is signed by the given master key. A 'No' indicates it has not been signed; however, this does not necessarily mean the key should not be trusted.
All official Arch Linux developers and package maintainers should have their key signed by at least three master keys if they are responsible for packaging software in the repositories. This is in accordance with the PGP web of trust concept. If a user is willing to marginally trust all of the master keys, three signatures from different master keys will consider a given developer's key as valid. For more information on trust, please consult the GNU Privacy Handbook and Using trust to validate keys.
| Developer | PGP Key | Luca Weiss 0x12855606 |
|---|---|---|
| Luca Weiss | 0xCD2D02CD | Yes |
Visualization of PGP Master and Developer Keys
Developer Cross-Signatures
This table lists signatures directly between developer keys.
| Signer | Signee | Created | Expires |
|---|