
As some of you may know, I’m trying to make ‘cabal install’ verify OpenPGP signatures that come from Hackage. I modified ‘updatePackageIndexCacheFile’ to ask whether a certain OpenPGP public key should be trusted, but I later discovered that the mentioned function is called twice during ‘cabal update’*, which means that all questions are also asked twice.

I believe this doesn’t affect #1443 anymore. If so, please apply the attached patch.

* ‘update’ uses ‘updateRepo’ and ‘checkForSelfUpgrade’. The former runs ‘updatePackageIndexCacheFile’ via ‘updateRepoIndexCache’. The latter calls ‘updatePackageIndexCacheFile’ via a sequence of calls from ‘getSourcePackages’ to ‘getSourcePackages’’ to ‘readRepoIndex’ to ‘whenCacheOutOfDate’.