It might be a good idea to insert a
pacman-key --refresh-keys ( or other command )
somewhere early on in the install procedure.
Last 6 weeks or so has seen a number of packages
with bad sigs. Pretty much messes up this package.

Yes, it would be a good idea ...
I never experienced this problem because I update daily.
I place a TAG "enhancement" for a future release.

Thanks for this addition.
However, can you also enable some sort
of no signature checking option?

I ran the key update twice during a single archdi
session and STILL got bad keys... go figure.

I really struggle to understand, I've never met these key issues.
If I could replicate, that would be easier.
Can you tell me the procedure brings you to this?

As of about 45 minutes ago it was
the KDE-apps install that triggered this.

Very strange,
Can you give me a screenshot or a picture when you encounter this problem?

Figured out what the problem is...
Seems some packagers are updating their keys and sigs
but keeping filenames unchanged. My local repo
doesn't pick up a new file unless it has a
new revision in the file name... embarrassing.
OTOH, being able to turn off that sig check
would be really handy some days.

I have never encountered this problem ...
Perhaps select another servers in /etc/pacman.d/mirrorlist

Closing issue because no return