On Thu, 26 Jul 2018 18:30:01 -0400, Eli Schwartz via arch-general wrote:
What does the "web bug" have to do with this discussion?
It's a hint that not every user likes 'auto-key-retrieve', but instead only manually retrieve keys, if it makes sense to the user to retrieve a key. I don't see a valid reason, to e.g. retrieve the keys that belong to an unknown signature of an email send via a mailing list, just to get automatically keys when building something from AUR. I'm surprised that you don't question the recommendation to use 'auto-key-retrieve' without providing this hint. I don't care much about a privacy risk, but I don't see a reason to collect unneeded keys. Could you explain why it's useful to collect each key that belongs to an email signature, that is completely irrelevant to you, just to automatically add keys that are required to build a package from AUR, too?