Hi,

Thanks for the suggestion. (Sorry for the delay, I'm just back from Boston ;-)

Eli Zaretskii writes:

> Thanks, but please add a defcustom to disable this check (e.g.,
> because gnupg isn't installed, and isn't going to be).

Done. Now it has package-check-signature option, which can be set either:
nil (no signature verification), t (always check signature), or
allow-unsigned (skip signature verification if no .sig file is provided,
default).

Actually I wondered whether it should be a per-archive option rather than a
global option. But I'd leave it as global, for simplicity.

> In general, I think .sig files are there for those who want to verify
> the packages, but users should not be forced to do that as a
> prerequisite for downloading. (And no, the y-or-n-p question doesn't
> cut it: it's a nuisance to have to answer that question every time.)

Agreed. Removed the y-or-n-p question.

Other than those, I changed a bit:

* display "unsigned" status on the package listing and the description
  buffer.

* fixed the verification logic. The .sig file might contain multiple
  signatures and it should be considered as verified when one of those
  is good.

* import the default keyring from /package-keyring.gpg.