[tex-live] TeX Live repository currently unsigned

Norbert Preining norbert at preining.info
Wed Sep 13 02:38:10 CEST 2017


Hi Jonas,


> currently there seems to be a problem with the PGP signature of the main

The validity of the key was renewed, and since it was the first time
we did the renewal process we forgot one step (to update the key
where the nightly rebuild is done).

The update should *not* have been shipped out, and we will change this
so that if signing fails no update will be pushed out.

> In my opinion tlmgr should exit with an error if GnuPG is installed on
> the system, but the repository is unsigned, at least for the main TeX
...
> I appreciate that this will create problems for custom repositories that
> might not be signed at all. On the other hand, the only public

First of all, you can set this configuration option permanently in the
tlmgr config file in $TEXMFHOME/tlmgr/config with
	require-verification = 1

I am discussing with Karl whether we change tlmgr to require the *main*
repository only to have signatures, but leave subsidiary repos free
not to be signed.

All the best

Norbert

--
PREINING Norbert                               http://www.preining.info
Accelia Inc.     +    JAIST     +    TeX Live     +    Debian Developer
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13


More information about the tex-live mailing list