fix(aur): only check gpg signature after gpg import . fixes #2165

[Jguer]

only check gpg signature after gpg import

fixes #2165

[Jguer]

@jdholtz & @smolx, yay works even when removing downloadPKGBUILDSourceFanout (preparer.go:229), it would just lose concurrent downloading of pkgbuild sources and sources wouldn't be available for pre install hooks if they were to be added.

What's your opinion on PKGBUILD source downloading before install? Do you find the concurrency useful?

[jdholtz]

What's your opinion on PKGBUILD source downloading before install? Do you find the concurrency useful?

I definitely see it being useful as it can significantly speed up the total time spent downloading large AUR packages, especially during a full system upgrade. Are there any other disadvantages to removing this functionality besides the need to maintain it?

[smolx]

I don't have a strong opinion on this matter. Personally I rarely see more than 2-3 parallel downloads, so I can't really feel the effect. But definitely there are users with high speed internet connection who use AUR more extensively. They feel the maximum effect.
I also think that downloading of multiple targets in parallel is de facto standard now. Perhaps better to have it than not to have.