This allows you to cryptographically sign ruby gems, so that a user can later verify that they've downloaded a copy that hasn't been tampered with or hacked.
I originally explicitly required --get-key so that we wouldn't silently download keys when we only had verification without trust. In that case it was useful to know that you didn't previously have the key. With trust, it should be fine to silently retrieve the key since we still won't past the trust check.
I originally explicitly required --get-key so that we wouldn't silently download keys when we only had verification without trust. In that case it was useful to know that you didn't previously have the key. With trust, it should be fine to silently retrieve the key since we still won't past the trust check.