Distribution-agnostic OpenPGP stack for the verification of distribution artifacts
With this milestone we will provide a set of foundational libraries, based on a UAPI specification for the generic verification of distribution artifacts. These libraries will extend the use of a generic directory structure for OpenPGP certificates used for the verification of distribution artifacts and the use of PGPKI (aka the “Web of Trust”).
The libraries mentioned above will be integrated into the ALPM context to allow, for example, the full verification of packages and repository metadata. We will entirely replace the use of the legacy GnuPG software with a modern Rust-based approach in the package consumption and package source verification subsystems of the Arch Linux packaging stack.