On Sun, 4 Jan 2015 22:05:21 +0100 Christian Hesse <list@xxxxxxxx> wrote: > Hello everybody, > > pacman 4.2.0 gained support for verifying source tarballs with > kernel.org style signature. Some (even essential) packages could > benefit from that, linux and git come to mind. > > How to handle this? Report a bug for every package? Provide a list > here? A lot of it is already happening: https://www.archlinux.org/todo/validpgpkeys-integrity-check/ If you want it added to a package that isn't on that list, the bug tracker is probably the best bet. Note that the linux package already has it. Doug
