Gerhard Brauer <gerbra@archlinux.de> writes:
a) The Keyring= option indicates to pacman whether the signing framework should be used.
b) This var signals to pacman where to find the public keyring for this repo. AND we could have different keyrings for repos. E.g.: the TU (if community packages get signed) fluctuation is IMHO bigger than on the developers' side. So keyring updates are more often necessary on the community/TU side. And I myself find it better to have the TUs' signatures/trust level not in the same keyring as the developers' (core, extra) keyring for package signing.
c) With this var an external repo (e.g. the French yaourt repo) could also offer signed packages, and a proper public keyring.

If I understand gpgme correctly, you can't just tell it to use a public keyring from a given file. This applies to the gpg binary as well. GnuPG's paradigm is one of home directories. You specify a GnuPG home directory, such as ~/.gnupg or /etc/pacman.d/gnupg, and it looks for pubring.gpg and other necessary files in that place.

One possibility is to allow overriding of GPGDir on a per-repo basis.

Regards,
--
Chris
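
The per-repository GnuPG home directory idea from the reply above, sketched as an added example (not code from pacman or from either poster). The per-repo `GPGDir` key, the repo names, URLs and helper names are assumptions made for illustration; the sample config is constructed.

```python
import configparser

# Constructed sample. The per-repo GPGDir key is the override proposed in
# the thread (an assumption here), and the repo names/URLs are made up.
SAMPLE_CONF = """\
[options]
GPGDir = /etc/pacman.d/gnupg

[core]
Server = https://mirror.example/core

[community]
GPGDir = /etc/pacman.d/gnupg-community

[thirdparty]
GPGDir = gnupg-thirdparty
"""

FALLBACK_GPGDIR = "/etc/pacman.d/gnupg"


def load_conf(text):
    """Parse pacman.conf-style text, keeping key case as written."""
    conf = configparser.ConfigParser(
        delimiters=("=",), interpolation=None, strict=False, allow_no_value=True
    )
    conf.optionxform = str
    conf.read_string(text)
    return conf


def gpg_home_for(conf, repo):
    """Return the GnuPG home directory to use for one repository."""
    if repo == "options" or not conf.has_section(repo):
        raise KeyError(f"unknown repository: {repo}")
    # Per-repo value first, then the global [options] value, then fallback.
    home = conf.get(repo, "GPGDir", fallback=None) or conf.get(
        "options", "GPGDir", fallback=None) or FALLBACK_GPGDIR
    # A relative path would make the trust store depend on the working dir.
    if not home.startswith("/"):
        raise ValueError(f"GPGDir for {repo} must be absolute: {home!r}")
    return home


def verify_argv(conf, repo, pkg, sig):
    """Build the gpg call that checks sig against pkg in the repo's home."""
    return ["gpg", "--homedir", gpg_home_for(conf, repo), "--verify", sig, pkg]
```

Each repository's packages are then checked only against the keys in that repository's home directory, so a key trusted for one repo cannot vouch for packages from another.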