Project Talk:Portage/Repository verification

>In order for verification work correctly, the user has to have an up-to-date Infrastructure OpenPGP public key installed. Currently, this is done through the app-crypt/gentoo-keys package. The key has a yearly expiration date, therefore the user needs to sync and upgrade the package before the previous key expires. >

Is this still "current"? As of portage-2.3.40-r1, I don't have gentoo-keys installed, yet verification is working:

* Running emerge --sync >>> Syncing repository 'gentoo' into '/usr/portage'... * Using keys from /usr/share/openpgp-keys/gentoo-release.asc * Refreshing keys from keyserver ... [ ok ] >>> Starting rsync with rsync://88.198.69.178/gentoo-portage...

$ equery b /usr/share/openpgp-keys/gentoo-release.asc * Searching for /usr/share/openpgp-keys/gentoo-release.asc ... app-crypt/openpgp-keys-gentoo-release-20180530 (/usr/share/openpgp-keys/gentoo-release.asc)