> I know this can be circumvented by editing the pkgbuild file and > removing the verification option, but that feels wrong. Is there a > systematic way to update the relevant keys?
You are supposed to manually download the keys, ideally from a trusted source. Another option would be to configure gpg to automatically download missing keys from a key server. Cheers, Bennett -- GPG fingerprint: 871F 1047 7DB3 DDED 5FC4 47B2 26C7 E577 EF96 7808
signature.asc
Description: OpenPGP digital signature
