SL Baur <steve(a)xemacs.org&gt; writes: I mean the copy on the FTP site. For me (and a lot of others) packages that are not in ftp://ftp.xemacs.org/pub/pacakges/package-index.LATEST.pgp do not exist. I am intentionally stubborn here because I want to strictly act a somebody not familiar with the package system would do. That would be OK with me. gpg signatures are compatible with PGP 5 aren't they? I can bear not been able to verify (I have neither of the two installed) just as long as people who need/want to can. It is however not "simply starting" starting signing. We need to do something for that too a. Upgrade mailcrypt and make sure it handles PGP 5 and gpg correctly. b. [IMPORTANT] Make sure a package upgrade has a graceful failure mode when the index is gpg signed but you have (prepared for use) neither PGP nor gpg. It should not put out an alarming (error "Package index signature failed). Jan