On a related note, I'd love to use org-plus-contrib packages but there's no https update, and I still don't understand how to check whether packages are signed, w/ which keys, where the keys are published. Maybe I didn't do everything I could but all the other updates on my system have been far more transparent in that regard---even if unsigned, I'm at least aware of this, and if signed, I know which key they are signed with, and the key is in the keyring.
signature.asc
Description: PGP signature
