bug#66414: GNU ELPA: Require signed tags to release new package versions

[Stefan Kangas]

Eshel Yaron <me@eshelyaron.com> writes:

> Do I understand correctly that under this proposal package
> authors/maintainers would need to opt-in to such signature validation?

Yes.

> Another option that might be worth considering is to continue releasing
> packages, with or without a valid signature, and instead to indicate the
> absence or invalidity of a signature in the packages list and in other
> package.el commands.

Yes, something like that is what I had in mind.