repository keyrings for COMINTERN-hosted projects are hosted separately from the project repository, to ensure that only authorized users can modify them. keyrings are only writable by users with root access to the COMINTERN server. official releases of our projects will always be signed with one of the keys in the associated keyring, and any tarball or package purporting to be an official release should always be verified against that keyring before building or installing it. you should never use any other authentication source for these projects.