Jeremy Huntwork

> If it's possible, I would like to suggest OpenBSD's `signify` for signing purposes. It seems to be a lot simpler than GPG. Nice, thanks for the suggestion. I'll take...

So looking a little closer, gpg is pretty well embedded in the way pacman and its build script makepkg work. I think to get around that would probably require a...

Surprisingly, it looks like pacman (or maybe it's gpgme) shells out to to the gpg binary to do validation of packages. If _only_ the gpg binary is removed from the...

This may depend on #381

This evening I played around with [asignify](https://github.com/vstakhov/asignify). I was able to patch pacman to get it to use that for signature verification instead of gpgme. The current patch isn't very...

Submitted an initial set of patches upstream: https://lists.archlinux.org/pipermail/pacman-dev/2022-January/025439.html

Nice, I'd love to hear how it goes! I received some additional feedback from pacman devs about the patch here: https://lists.archlinux.org/pipermail/pacman-dev/2022-January/025496.html Based on that I was going to look at...

> It seems that `staging` repo could solve this by allowing to add packages fast and then debug them on the system if needed. So what would be the condition...

Yeah, that sounds good, I think that makes sense. Will have to think a bit about the specifics of implementing that. For example, I'd like the promotion from staging to...

The template is just there as a suggestion, a little guidance for what type of information might be helpful. I don't mind looking into the merelinux organization, I'll see what's...