On Sat, Apr 07, 2018 at 11:53:08AM +0530, Pierre Neidhardt via aur-general wrote:
To perform the complete operation on soyuz, we need to forward the gpg-socket (and the SSH socket if different) to soyuz, which defeats the PGP / Web of Trust security model: for a person with root access to soyuz, the private key is only one passphrase away.
Which is why I have been working on clave. It helps in the cases where build artefacts are large and sorta useless to download after building. But it doesn't prevent the case where a malicious root user is capable of switching the files right after build, unless you do some additional verification after generating the signing request.
Since it creates signatures with the new packet style, it won't be supported before pacman 5.1, and I plan on improving it a bit before that time.