[2015-07-19 06:52:39 +0200] Jerome Leclanche: > git tags can and should be pgp-signed, especially if the upstream is > relying purely on git for releases. Is any package not covered by > that? That would certainly be the ideal way of doing things but I don't believe pacman currently knows how to verify these. Cheers. -- Gaetan