How to manage packages for archlinux pacstrap and keyring

I was trying to package the arch-install-scripts for openSUSE, which contains provides pacstrap to bootstrap Arch Linux.
pacstrap needs the keyring to work, but I’ve noticed we don’t ship other keyrings.
Is it legitimate to create a new package for archlinux-keyring too — as it is found in Fedora — or, for example, could I set SigLevel = Never in the pacman.conf to disable the signature checks for the packages bootstrapped?