Morganamilo
Feature request: Before system upgrade, first upgrade system keyring(s)
Have you checked the readme and man page for this feature? Yes.
Have you checked previous issues for this feature? Yes.
The idea is that when we do a system-wide upgrade like paru -Syu or paru -Syu additional-packages, we first update the keyring using something like pacman/paru -Sy archlinux-keyring. This way systems that have not upgraded in a long time (usually 2-6 months old) would usually not run into issues regarding absent or insufficently-trusted keys. We can discuss further about what actions we allow upfront keyring upgrades if this is a desired feature.
One immediate issue I see with this request is that we would need to figure out what the "keyring package" would be for each arch-derivative distro. In some rarer cases there could be more than one keyring packages, where some would correspond to unofficial repositories. Since archlinux-keyring installs files under /usr/share/pacman/keyrings, I would upgrade packages that only installs files there -- or just let the user decide in their config.
Thoughts?
