[arch-general] pacman security when importing new keys?

[Manuel Reimer]

Hello,

today, pacman asked me to import a new signature key. So far this was 
done "automatically" using a keys-package, which, itself, was signed 
with a trusted key.

How is the new mechanism secured? Is the new way, to bring keys to 
users, prone to MITM attacks?

Thanks in advance.

Manuel