Hi, my name is Shaun Kluzek. I have been using linux now for about a decade and have spent the last two years using arch linux and previously using gentoo. I studied computer science in Melbourne Australia at RMIT University and program well in C. After reading "The real story behind Arch Linux package signing" by Dan Mcgee, I headed over to Alan McRae's TODO list for package signing, and spotted the pacman signature verification, acting upon this I built the gpgme documentation from the texi files and have spent the last two days reading and understanding it( gnu don't make this very easy ). As a result, I have successfully written a small C program that verifies a detached ascii armored signature with its accompanying file against users in your keyring. The code at this stage is test code and very messy, however, it loads in a detached sig say signed.asc, then loads in the signed file somefile and then verifies it, giving the validation back in a bit vector. The code needs to be rewritten and split into some nice funtions. I have obtained the pacman source code from git and had a brief look through it just prior to writing the libgpgme stuff. Once tidied up ( into funtions and descriptive error output ) I dont think it would be much problem adding it into pacman. How should I proceed ? Shaun Kluzek