diff --git a/makepkg-i686.conf b/makepkg-i686.conf
index 6bbd6721df0b2cd2b3e0673854d3e5670f34ea54..725c2a23a7be63ecd0a17d33d153810d47f54202 100644
--- a/makepkg-i686.conf
+++ b/makepkg-i686.conf
@@ -31,7 +31,7 @@ CHOST="i686-pc-linux-gnu"
 # -mtune optimizes for an architecture, but builds for whole processor family
 CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
 CXXFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
-LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
+LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"
 
diff --git a/makepkg-x86_64.conf b/makepkg-x86_64.conf
index ff460ec09ce06ee6a45e23f095ebd0268c91f3de..4de5c67ed1fd8281161e9dc5a7ec1ffb1b2326dd 100644
--- a/makepkg-x86_64.conf
+++ b/makepkg-x86_64.conf
@@ -31,7 +31,7 @@ CHOST="x86_64-unknown-linux-gnu"
 # -mtune optimizes for an architecture, but builds for whole processor family
 CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
 CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
-LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
+LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"
 
diff --git a/pacman-extra.conf b/pacman-extra.conf
index 4c5051337a27498525449f0d4f83812f5fd3ada5..0b1fea6e896a41d2c20b41d2c92104b520143e92 100644
--- a/pacman-extra.conf
+++ b/pacman-extra.conf
@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #
diff --git a/pacman-gnome-unstable.conf b/pacman-gnome-unstable.conf
index 04e8f5b01647182a61cb11508ab3d490d16195d9..07495d06f13159eb0c2ad7a0837eade95fb29d88 100644
--- a/pacman-gnome-unstable.conf
+++ b/pacman-gnome-unstable.conf
@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #
diff --git a/pacman-kde-unstable.conf b/pacman-kde-unstable.conf
index e5b95bba7e0b3430e8dbec2ea85b87e8a7763601..c0e2e8e8aff07dc0a7c33a9c6d3f4da90bb33505 100644
--- a/pacman-kde-unstable.conf
+++ b/pacman-kde-unstable.conf
@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #
diff --git a/pacman-multilib-staging.conf b/pacman-multilib-staging.conf
index a088010c79a581b5c5890b0137c62a640678875a..dee241cd02366f14622755978e18262b7b479be3 100644
--- a/pacman-multilib-staging.conf
+++ b/pacman-multilib-staging.conf
@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #
diff --git a/pacman-multilib-testing.conf b/pacman-multilib-testing.conf
index ee9c98886aea16290eb68c795ffa94c71c419f1a..e60a998d202551751d66c3292b07c6e7736a864b 100644
--- a/pacman-multilib-testing.conf
+++ b/pacman-multilib-testing.conf
@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #
diff --git a/pacman-multilib.conf b/pacman-multilib.conf
index 696003e62a8ab34eba002a4cf4f9984946f47822..d83def4bd7465afd114f4f92020f924292cd320a 100644
--- a/pacman-multilib.conf
+++ b/pacman-multilib.conf
@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #
diff --git a/pacman-staging.conf b/pacman-staging.conf
index 4ef48de3031c0e59be197f40966cdd565ab806e8..4a803a121b384113b43325b5227c79c0d695c594 100644
--- a/pacman-staging.conf
+++ b/pacman-staging.conf
@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #
diff --git a/pacman-testing.conf b/pacman-testing.conf
index cc007e36d9b0bf84fc7ff915ffe62848edac842d..a99b99d7011383a4cb3991b91eae121668388717 100644
--- a/pacman-testing.conf
+++ b/pacman-testing.conf
@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #