|
Export and add the pgp public key referenced in `validpgpkeys()` used to
sign the upstream source package into a new `keys/pgp` subdirectory for
easy import by packagers, without relying on external keyserver
infrastructure.
IMPORTANT NOTE: inclusion of this public key is by no means a
declaration of _trust_ in this particular key's authenticity and/or
identification capabilities. Putting trust in keys is your
responsibility alone. Availability of this file just saves pacakgers
time hunting down the referenced public key. You're welcome.
Implements recommendation in
(RFC0011)[https://rfc.archlinux.page/0011-store-source-signing-keys/]
|