I'm currently thinking of adopting the Python-opencl package on the Arch
Linux community repositories. I noticed that there are no tarball
signatures or signed tags for the sources.
Is this intentional? I'd be more than convenient security-wise to have a
(or a set) key that I could trust when building the package :)