Master Signing Keys

This page lists the Arch BSD Master Keys. This is a distributed set of keys that are seen as "official" signing keys of the distribution. Each key is held by a different developer, and a revocation certificate for the key is held by a different developer. Thus, no one developer has absolute hold on any sort of absolute, root trust.

The 4 keys listed below should be regarded as the current set of master keys. They are available on public keyservers and should be signed by the owner of the key.

Master Key Full Fingerprint Owner Owner's Signing Key Revoker Revoker's Signing Key Developer/TU Keys Signed
0x435652FF 46C5 A8C9 9AD0 13C7 3706  A733 017D 16DE 4356 52FF Anthony Donnelly 0x435652FF Anthony Donnelly 0x435652FF 0
0x9CE990E7 B11B B68D 31C3 75CF 6144  9CB5 2E1F A5C3 9CE9 90E7 Wolfgang Bumiller 0x9CE990E7 Wolfgang Bumiller 0x9CE990E7 0
0x8C32F9E3 8243 0DDC EF12 1FD2 17FC  DB55 D785 17C7 8C32 F9E3 Kim Carlbäcker 0x8C32F9E3 Kim Carlbäcker 0x8C32F9E3 0
0x128DB977 1D71 1954 C830 76BB 84AB  88E8 562C 19B4 128D B977 Claudiu Traistaru 0x128DB977 Claudiu Traistaru 0x128DB977 0

Master Key Signatures

The following table shows all active developers and trusted users along with the status of their personal signing key. A 'Yes' indicates that the personal key of the developer is signed by the given master key. A 'No' indicates it has not been signed; however, this does not necessarily mean the key should not be trusted.

All official Arch BSD developers and trusted users should have their key signed by at least three master keys if they are responsible for packaging software in the repositories. This is in accordance with the PGP web of trust concept. If a user is willing to marginally trust all of the master keys, three signatures from different master keys will consider a given developer's key as valid. For more information on trust, please consult the GNU Privacy Handbook and Using trust to validate keys.

Developer PGP Key Anthony Donnelly
Wolfgang Bumiller
Kim Carlbäcker
Claudiu Traistaru
Anthony Donnelly 0x435652FF NoNoNoNo
Claudiu Traistaru 0x128DB977 NoNoNoNo
Kim Carlbäcker 0x8C32F9E3 NoNoNoNo
Wolfgang Bumiller 0x9CE990E7 NoNoNoNo

Visualization of PGP Master and Developer Keys

Developer Cross-Signatures

This table lists signatures directly between developer keys.

Signer Signee Created Expires