[arch-dev-public] RFC: Store PGP keys for source file signatures in SVN

Allan McRae allan at archlinux.org
Wed Mar 2 04:19:40 UTC 2022

A new RFC (request for comment) has been opened here:


Please visit the above link for discussion.

Store the PGP signing keys listed in a PKGBUILDs `validpgpkeys` array in 
the trunk directory of SVN.

The PGP keyserver infrastructure has become increasingly brittle over 
recent years. This can make helping with updates or rebuilds of packages 
difficult due to lack of access to the valid signing key. Having the 
signing key exported along side the PKGBUILD would allow for anybody to 
import the key into their keyring and verify the source.

More information about the arch-dev-public mailing list