I'm sure everyone has read the following from LWN . I was just thinking
that Debian has had package signing for a while, and the top users of the
PGP Strong Set  (maybe even most of it) are Debian developers. Seeing as
though Debian has such a strong history with OpenPGP and package signing, I
was wondering if we could help them along.
Dan McGee, the lead Arch Linux developer, has stated  that he is willing
to accept patches getting OpenPGP implemented into Pacman and the rest of
So, given the history of package signing with Debian, I'm wondering if
there is anything we can do as a project to help another project out. Be it
documentation, how-tos, patches, whatever. It appears to be open for
discussion , and even though I'm a hardcore Debian user through and
through, it would be great to see another GNU/Linux operating system step
up in the security ranks.