Request #11319 has been rejected by Eschwartz [1]:

Checksums don't add security, that's why they're the "integrity check", not the "security check". Do you know how many [core] packages don't have PGP signatures available at all? Those are used on far more devices. Granted, using PGP when available is always nice. But I don't see you screeching at the non-dkms package maintainer to fix *his* packages which don't use PGP either... So much for the "security flaw".

As for maintainers taking "weeks for a simple update", not everyone can update the very day something is released, you get what you pay for and sometimes not even that in the AUR. This is why we offer maintainers grace periods, because otherwise no one would be able to maintain packages for more than two or three upstream updates before some overwrought individual throws a tantrum and claims the package for themselves. We can discuss this as and when that becomes relevant, but this is not even currently out of date...

Your false complaint about security gets extra points taken off of my likelihood to care what you have to say.

[1] https://aur.archlinux.org/account/Eschwartz/