Is it possible in pacman to save package signatures alongside *.pkg.tar.xz files in cache? I think it woukd be a useful security addition. For instance, recently I had to perform full system integrity check (similar to the time when kernel.org was compromised) and not being able to verify packages in cache really complicated things, as I had to first update and then download each package, verify, unpack and generate sha1sums for files (all on a clean server of course).
Thanks!
]]>