Arch Linux and (the lack of) package signing

The impression I get from IgnorantGuru's blog post is of someone who has stamped his foot and yelled and not got his way. I agree with him insofar as I believe that package signing should be implemented, and should be given a higher priority than the pacman developers have apparently given it. However, from what I have read (summaries of the situation by IgnorantGuru and Dan, and some of the bug reports), IgnorantGuru appears to be ignorant (ha ha) of how to go about getting something implemented in an open source project.

Protip 1: simply telling the developers that something is very important for them to do (and even that it's "easy") will not get them on your side.

Protip 2: being antagonistic (which is how IG comes across in https://bugs.archlinux.org/task/23101, for example) will not get them on your side.

In fact, IgnorantGuru's whole approach to this seems to be a textbook example of how not to get a feature you want implemented. He has been antagonistic and demanding, and has failed to get involved in the development process (in the manner generally accepted by the project) while at the same time claiming that implementing signing is easy.

In fact, the main sticking point in this whole issue seems to be that there is no-one who cares sufficiently about package signing that is both able and willing to write and maintain the code, and see the feature through to completion, in a way that is acceptable to the maintainers. And, like it or not, that's what it takes to get something done in a relatively small volunteer-run open source project like Archlinux.

All this is not to absolve Dan and Allan of any wrongdoing, however. But I am not in the least bit surprised that IgnorantGuru has not acheived his goal, given how he went about it.