Hello,
while updating (terminal, paru -Syu), I get the following message:
: keys need to be imported:
D637032E45B8C6585B9456565D2EEE6F6F349D7C wanted by: lib32-gstreamer-1.28.3-1 (lib32-gstreamer lib32-gst-plugins-base-libs)
Silly question as may be, could anyone advise on whether this is safe to do?
Thanks.
cscs
May 12, 2026, 8:29pm
2
Search up the key and owner and decide.
Details on how to manage might be found at the wiki like here;
Managing is all good, but how does this link answer the specific question I am asking?
cscs
May 15, 2026, 2:31am
4
Sections like
Searching and receiving keys
To find out details of a key on the keyserver, without importing it, do:
$ gpg --search-keys *user-id*
To import a key from a key server:
$ gpg --receive-keys *key-id*
To refresh/update the keychain with the latest version from a key server:
$ gpg --refresh-keys
Warning
You should verify the authenticity of the retrieved public key by comparing its fingerprint with one that the owner published on an independent source(s) (e.g., contacting the person directly). See Wikipedia:Public key fingerprint for more information.
It is recommended to use the long key ID or the full fingerprint when receiving a key. Using a short ID may encounter collisions. All keys will be imported that have the short ID, see fake keys found in the wild for such example.
and
Key servers
See OpenPGP#Keyserver for a general overview of OpenPGP keyservers and their features.
An alternative key server can be specified with the keyserver option in one of the configuration files , for instance:
~/.gnupg/dirmngr.conf
keyserver hkp://keyserver.ubuntu.com
A temporary use of another server is handy when the regular one does not work as it should. It can be achieved by, for example,
$ gpg --keyserver *hkps://keys.openpgp.org/* --search-keys *user-id*
Which also linked to
Keyserver
Key server implementations of the OpenPGP HTTP Keyserver Protocol offer varying feature sets while providing users access to OpenPGP certificates.
Some keyserver instances synchronize OpenPGP certificates amongst each other, forming a pool of hosts that serve the same key material.
Most keyservers accept OpenPGP certificates without authentication or validation . However, some newer implementations enforce the validation of User IDs by sending a verification e-mail to addresses connected to an uploaded certificate.
All keyservers in the below table are GDPR compliant, as they provide a necessary public service for the ecosystem, allow the removal of personal data and/ or enforce opt-in of its publication.
Third-party identity certifications are not distributed by all keyservers.
If you need an easy answer then was far as I can tell that key is actually a verified key owned by one of the gsteamer devs.
Whether you need that package at all may be another question.
To install lib32-gstreamer or lib32-gst-plugins-base-libs, you usually need to import the GStreamer Foundation signing key to satisfy AUR (Arch User Repository) pgp verification .