Instead of being rude, maybe actually check what you're saying.
$ gpg --verify chocolate-doom-3.0.1.tar.gz.asc
gpg: assuming signed data in 'chocolate-doom-3.0.1.tar.gz'
gpg: Signature made Wed 24 Jun 2020 08:22:20 PM PDT
gpg: using RSA key 6D2C117E0310664497AA9546F6C2EE9C23354344
gpg: Good signature from "Simon Howard <fraggle@soulsphere.org>" [unknown]
gpg: aka "Simon Howard <fraggle@gmail.com>" [unknown]
in the PKGBUILD:
validpgpkeys=('6D2C117E0310664497AA9546F6C2EE9C23354344')
Pinned Comments
chungy commented on 2017-01-18 02:40
You'll either need to import fraggle's public key (available here: https://soulsphere.org/gpg-key.txt or https://keybase.io/fraggle), or run makepkg with --skippgpcheck