Hello, as you know do you not only have to sign your package but also use a fully trusted key for this. There are a few developers and trusted users which are no longer able to publish packages due to this policy. I would suggest we set them as "inactive" in archweb, disable their ssh access and orphan their packages and bug reports. Don't get me wrong though; I don't want to kick anybody out and I'd be more than happy to welcome any of those back to our team. But if people are (temporary) inactive we need to know. Here is a list of people which didn't upload a gpg key to archweb at all. The had several months to do so and didn't reply to an additional mail I had sent in November last year. Dale Blount Aaron Griffin Tobias Kieslich Paul Mattal Mateusz Herych Imanol Celaya The following people have a key but it is not fully trusted. That means their keys are not signed by at least three master keys. Kaiting Chen Kevin Piche Vesa Kaihlavirta If anybody know anything about the status of these fellow let me know. The first group can be set to inactive right away imho. I already talked to Vesa and he promised to get the missing signature soon. Finally I'd also like to encourage everyone to get all five master key signatures even if three are technically sufficient for now. Greetings, Pierre -- Pierre Schmitz, http://pierre-schmitz.com