> Does Parabola have some sort of keyring that all the upstream keys go > into? Or did I misinterpret your suggestion? I'm not familiar with the > Parabola package management system.
No, Parabola does not collect upstream keys into any centralized keyring. When you are building a package from source, the Parabola build system verifies the GPG signature of the source archive if the developer's key is in your keyring. Else, it raises an error and asks you to get the required key manually. There is also an option that tells the build system to automatically fetch the key if it is not in your keyring.
signature.asc
Description: PGP signature
