Remove PGPSIG identifier from desc files
The %PGPSIG%
identifier will be dropped from binary package repository databases in the future, to reduce their size.
However, the ability to query for a given PGP key ID is very valuable to us (e.g. to identify packages that require a rebuild due to expiring or revoked key - see relevant mail thread on arch-dev-public).
Therefore we need to retain at least the signers PGP (subkey) key ID in the management repository, so that this information can further be queried. This can be done in the context of retaining the pgpsig
information in OutputPackage
, but not storing it in the repository database anymore.