On Tue, Oct 06, 2020 at 06:17:23PM +0000, Robin H. Johnson wrote: > I'm worried about the proliferation of tiny packages just to convey the > keys; and how versioning should work if upstream rotates their keys.
That was my initial reaction as well. The app-crypt/openpgp-keys-* will potentially double the number of packages in the tree. We can probably come up with a better design. I agree with the need to make it easier for developers to check sigs before signing the manifest btw. Thanks for that -- Eray