On 05/12, Marc Lehmann wrote:
Actually, from the reference you provide, this seems to be exactly _not_ the case. I'm certainly no expert in arch packaging, but it looks as if the arch package needs to explicitly add any gnupg signature files to the source array, otherwise they wouldn't be checked.
I can't find anything in the documentation that would indicate that the existance of a .sig file on the server would trigger a mandatory, unavoidable check.
Correct, I was only talking about .sig files that the build system can actually see, i.e. are part of the source array. makepkg doesn't download files you don't tell it to, that would be quite insane indeed. Sorry for the confusion. Regards, Tharre -- PGP fingerprint: 42CE 7698 D6A0 6129 AA16 EF5C 5431 BDE2 C8F0 B2F4