On Fri, 2014-08-08 at 09:46 +0200, Fabien Dubosson wrote: > It would only check that the `*.tar.gz` you received from AUR has been > signed by the maintainer The tar archives from https://www.kernel.org are signed. Is it really needed for AUR? Btw. I several years build kernels without checking the signing.