Comments were added last week, forgot to post that to the ML. Get them in JSON form at aur3.org/mirror/pkgname/comments.gz The new thing is uploads to AUR3. I was stuck on a few parts, like how to split a .sig from a .gpg (for single file uploads) and then after than how to PUT more than one file at a time. Turns out neither are possible, so I hacked up something really ugly with CGI. But except for the one little wart of a multifile POST, all the beauty of signed packages is there. If a package has a sig, its repo (in the rpc) is marked as aur3 and there will be a file at aur3.org/mirror/pkgname/pkgname.tar.gz.sig. But as I have not set up a keyserver yet, sigs are mostly for novelty value. If you want to fool around with signing your own packages, download the aur3 reference client (now in bash!) and email me your pubkey. Not the most secure means of establishing trust, but hey. Arch finally has signed (source) packages. More on http://aur3.org -Kyle http://kmkeen.com