SbK project status - SbK users please read

In between series I like to do things that will improve the project and user experience before the next series. The 21.1 series is done.
Thinking about the 21.1 series one of the later improvements was providing signed iso’s. Sadly when looking into providing them I learned the way I created the gpg key produced a key that is good for signing emails, not software. I like to be proactive with security, so far, to my knowledge we have had no security problems. I would like to keep it that way.
It was my first key, and it looks like I had a lot to learn. After reading a lot on gpg keys I learned a lot more. I ended up with an Ed25519 key. Some friends I have known 20+ years and who occasionally help with the project created Ed25519 keys and we all signed each key during a zoom meeting. The next step was to repackage 155 packages with the new signing key.
The repository would be a problem. I only have 1gb of hosting space. So I couldnt duplicate a little over 600mb of packages easily. I came to the conclusion that the newer signed packages are the future. But I had a user base that was using the old key. To prevent the user base from getting pamac errors I cut down the old repository to a handful of packages that are part of the desktop of some spins. The themes have been moved to the new repository.
SbK users now have to make a choice.

  1. Do Nothing. You will lose access to the themes, wallpapers, and icons. The old repository will exist for at least a few years to prevent errors.
  2. Enable the new repository and add the new key. While you are adding the new section to pacman.conf delete the old one.
  3. Remove the old SbK repository from pacman.conf and only use the Manjaro repository.

The path forward for the project is that all future releases will have the new repository enabled and all future iso’s will be signed with the new key. Work on has already started to document the changes.

Thanks for reading. As always questions and comments are welcome.


1 Like

I will be re releasing the 21.1 series with signed iso’s and the new repository enabled. Lxqt and Xfce-Compiz are uploading now. But its rather slow. They should be ready in the morning for download.

9/4/21 all of the 21.1 series now have updated iso’s uploaded. The original posts for each desktop have links to the new files.

It looks like after I built Xfce Compiz and Mate Compiz an update was made that brought the manjaro iso’s to 21.1.3. Cinnamon is building as a 21.1.3. I will likely remake Mate-Compiz and Xfce-Compiz as 21.1.3 iso’s with the same themes and edit the release posts. I am not as happy with Gnome and Lxqt as I am with the last three released. I will probably re-theme them and release 21.1.3 versions of them.