I've recently written a paragraph on how to build Arch Linux packages on pkgbuild.com (a.k.a. soyuz): https://wiki.archlinux.org/index.php/AUR_Trusted_User_Guidelines#Remote_buil... To perform the complete operation on soyuz, we need to forward the gpg-socket (and the SSH socket if different) to soyuz, which defeats the PGP / Web of Trust security model: for a person with root access to soyuz, the private key is only one passphrase away. Thoughts? As I understand it for now, the full-PGP way to package on soyuz is to only run extra-x86_64-build there. All other operations can be run locally. The only area where I'm left in the dark is the "archrelease" step of "communitypkg": what's the equivalent on a foreign distribution? -- Pierre Neidhardt