So, I've decided to unofficially start signing my packages. We don't need pacman or namcap or support from other tools. Here is how it works. gpg --detach-sign foo.pkg.tar.xz scp foo.pkg.tar.xz.sig pkgbuild.com:~/public_html/sigs/ That is it. Mine are at http://pkgbuild.com/~kkeen/sigs/ Of course I only have one package to sign at the moment, but 0.02% coverage is better than none ;-) If you think this is a good idea, sign your packages too. (And share the link please.) -Kyle http://kmkeen.com