Update with yay gives PGP warnings


when I update with yay:
yay -Syu

I often see this warning:
==> WARNING: Skipping verification of source file PGP signatures.

Can I just ignore it or is to smarter to, and can I somehow, turn on PGP verification?

Just a yay thing.

It kept failing on sigs …so they changed the way it works.


this was an intentional change due to an issue where yay would fail to verify gpg signatures if the keys need to be imported prior to source download verification (it downloads the PKGBUILD/aur files in parallel with the source files needed for the build). So the change was to disable gpg verification for the source download step and only enable it when actually building the package.

So … you can ignore it … or use something else like paru :wink:

Further reading:

1 Like

This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.