boxit sync doesn't see changed package signatures
Created by: jonathonf
Upstream may upload new package signatures to fix issues with expired keys rather than rebuilding and/or bumping a package.
boxit sync currently pulls only changed packages and doesn't check whether the signature in the upstream package database, or the key file, has changed.
This can lead to situations where package signatures won't validate as the boxit server has the old package signature file.
If detecting these changes automatically isn't possible, boxit could do with a "clean" or "full sync" option to force a full sync from the upstream mirror so all files are checked and/or downloaded. Ideally this would still detect when a particular file hasn't changed and skip it.