I recently refreshed manjaro’s keyrings to find a number of redundant ones - ie expired/revoked, etc. I decided to completely clean out my /pacman/gnupg folder, deleting everything within it. then repopulating and refreshing keys. However, the redundant keys returned along with the valid ones. I made a file from –refresh-keys and there are numerous redundant keys included.
Can I remove all of these redundant keys without adversely affecting the protection of the keyring file?
Exactly. Refresh isn’t exactly working as expected (importing only good keys), so the popular opinion and unofficial advice is not to use it.
Just pull the key package from the repo and init and populate (populate should actually happen automatically on install, but to be sure).
The keys in the packages are max 1-3 Months old, so 99,9% of the things will work.
Actually, that is the process that happens automatically on manjaro - every 3 months the newer key package is installed and the keys populated, but not refreshed. And it works for many years for many users, although in theory is suboptimal solution.
OK, thanks.
Didn’t know about ‘don’t refresh keyrings’ as I just read a page here advising you to do that. Perhaps part of that page needs to be modified.
Well…there are bugs. Let’s hope at some point the refresh command will be “optimized” a.k.a. fixed to actually be productive and not counterproductive 
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.