Add an API for getting signature trust?

[anishathalye]

Right now, it's possible to use Module::Signature to check if a signature is valid, but there's no API to check if it's trusted. This can be a problem.

It seems that there is some check for this, but the check prints an error to stderr, so it's not particularly useful.

Ideally, the API of verify() itself would be designed differently, perhaps like GNOME Camel, but that could (and probably would) break existing applications. So I'm not sure what's the best way to go about improving this for better security.

[audreyt]

Thanks for the suggestion! I'll be happy to take pull requests, though I'm not actively developing this module for the foreseeable future.

[anishathalye]

Okay, cool. I don't have much free time in the near future (and also, I don't really write Perl), so maybe someone else will see this issue and can work on a fix.