i like the original idea of pierre. i had the same one ;-) because it's easier to implement and could be done quite quickly. it's quite time to shift to something a little more secure, even if it's not the *most* secure one. as soon the db is signed, we have a minimum security (not total i know, i read about the exploit in this thread) package signing could be a second step as it will take even longer to complete (more work to be done in pacman and more things to agree upon) in fact, i suggest a two steps approach.