[buug] Gentoo, Bluecurve and Linux too!

[Rick Moen]

Quoting Ian Zimmerman (itz at speakeasy.org):

> Debian has something similar, although not all packages support it.
> ls /var/lib/dpkg/info/*.md5sums

It's a more-complex issue than most people would have you believe.
The tools exist.  The signing mostly exists.  The threat model is such
that _meaningful_ verification is non-trivial. 

http://linuxmafia.com/~rick/linux-info/debian-package-signing

-- 
"Is it not the beauty of an asynchronous form of discussion that one can go and 
make cups of tea, floss the cat, fluff the geraniums, open the kitchen window 
and scream out it with operatic force, volume, and decorum, and then return to 
the vexed glowing letters calmer of mind and soul?" -- The Cube, forum3000.org